1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
---|
2 | <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
---|
3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
---|
4 | <!ENTITY % general-entities SYSTEM "../general.ent">
|
---|
5 | %general-entities;
|
---|
6 | ]>
|
---|
7 |
|
---|
8 | <sect1 id="ch-tools-changingowner">
|
---|
9 | <?dbhtml filename="changingowner.html"?>
|
---|
10 |
|
---|
11 | <title>Changing Ownership</title>
|
---|
12 |
|
---|
13 | <note>
|
---|
14 | <para>The commands in the remainder of this book must be performed while
|
---|
15 | logged in as user <systemitem class="username">root</systemitem> and no
|
---|
16 | longer as user <systemitem class="username">lfs</systemitem>. Also, double
|
---|
17 | check that <envar>$LFS</envar> is set in <systemitem
|
---|
18 | class="username">root</systemitem>'s environment.</para>
|
---|
19 | </note>
|
---|
20 |
|
---|
21 | <para>Currently, the whole directory hierarchy in <filename
|
---|
22 | class="directory">$LFS</filename>
|
---|
23 | is owned by the user <systemitem class="username">lfs</systemitem>, a user
|
---|
24 | that exists only on the host system. If the directories and files under <filename
|
---|
25 | class="directory">$LFS</filename> are kept as they are, they will be
|
---|
26 | owned by a user ID without a corresponding account. This is dangerous because
|
---|
27 | a user account created later could get this same user ID and would own all
|
---|
28 | the files under <filename class="directory">$LFS</filename>, thus exposing
|
---|
29 | these files to possible malicious manipulation.</para>
|
---|
30 |
|
---|
31 | <para>To address this issue, change the
|
---|
32 | ownership of the <filename class="directory">$LFS/*</filename> directories to
|
---|
33 | user <systemitem class="username">root</systemitem> by running the following
|
---|
34 | command:</para>
|
---|
35 |
|
---|
36 | <screen><userinput>chown -R root:root $LFS/{usr,lib,var,etc,bin,sbin,tools}
|
---|
37 | case $(uname -m) in
|
---|
38 | x86_64) chown -R root:root $LFS/lib64 ;;
|
---|
39 | esac</userinput></screen>
|
---|
40 |
|
---|
41 | <para arch="ml_32,ml_x32,ml_all">Some more directories exists for
|
---|
42 | multilib support. Change their ownership, too:</para>
|
---|
43 | <screen arch="ml_32,ml_x32,ml_all"><userinput arch="ml_32,ml_all">chown -R root:root $LFS&lib-m32;</userinput>
|
---|
44 | <userinput arch="ml_x32,ml_all">chown -R root:root $LFS&lib-mx32;</userinput></screen>
|
---|
45 |
|
---|
46 | </sect1>
|
---|