[Bug 149] Addition and Removal of files to resolve bug 149 (Install all software as an unprivileged user)

git-svn-id: http://svn.linuxfromscratch.org/LFS/trunk/BOOK@1470 4aa44e1e-78dd-0310-a6d2-fbcd4c07a689
Marc Heerdink 2002-01-23 18:24:44 +00:00
parent 93dba6aba6
commit 062461b217
5 changed files with 140 additions and 97 deletions

@ -1,77 +0,0 @@
<sect1 id="ch04-creatingdirs">
<title>Creating directories</title>
<?dbhtml filename="creatingdirs.html" dir="chapter04"?>
<para>Before we start creating directories, we need to check the base
system's umask setting. To do this, we run
<userinput>umask</userinput>. The result should be 022. If it isn't,
then run the following command to ensure that the directories will be
created with the correct permissions:</para>
<para><screen><userinput>umask 022</userinput></screen></para>
<para>We would advise you to make sure that the umask is set to 022
throughout your LFS installation.</para>
<para>Let's now create the directory tree on the LFS partition based on the FHS
standard, which can be found at <ulink
url="http://www.pathname.com/fhs/">http://www.pathname.com/fhs/</ulink>.
Issuing the following commands will create a default directory layout:</para>
<para><screen><userinput>cd $LFS &amp;&amp;</userinput>
<userinput>mkdir -p bin boot dev/pts etc/opt home lib mnt proc root sbin tmp var opt &amp;&amp;</userinput>
<userinput>for dirname in $LFS/usr $LFS/usr/local</userinput>
<userinput><literal>&nbsp;&nbsp;&nbsp;do</literal></userinput>
<userinput>&nbsp;&nbsp;&nbsp;mkdir $dirname</userinput>
<userinput>&nbsp;&nbsp;&nbsp;cd $dirname</userinput>
<userinput>&nbsp;&nbsp;&nbsp;mkdir bin etc include lib sbin share src var</userinput>
<userinput>&nbsp;&nbsp;&nbsp;ln -s share/man</userinput>
<userinput>&nbsp;&nbsp;&nbsp;ln -s share/doc</userinput>
<userinput>&nbsp;&nbsp;&nbsp;ln -s share/info</userinput>
<userinput>&nbsp;&nbsp;&nbsp;cd $dirname/share</userinput>
<userinput>&nbsp;&nbsp;&nbsp;mkdir dict doc info locale man nls misc terminfo zoneinfo</userinput>
<userinput>&nbsp;&nbsp;&nbsp;cd $dirname/share/man</userinput>
<userinput>&nbsp;&nbsp;&nbsp;mkdir man{1,2,3,4,5,6,7,8}</userinput>
<userinput>done &amp;&amp;</userinput>
<userinput>cd $LFS/var &amp;&amp;</userinput>
<userinput>mkdir -p lock log mail run spool tmp opt cache lib/misc local &amp;&amp;</userinput>
<userinput>cd $LFS/opt &amp;&amp;</userinput>
<userinput>mkdir bin doc include info lib man &amp;&amp;</userinput>
<userinput>cd $LFS/usr &amp;&amp;</userinput>
<userinput>ln -s ../var/tmp</userinput></screen></para>
<para>Normally, directories are created with permission mode 755, which isn't
desired for all directories. The first change is a mode 0750 for the
$LFS/root directory. This is to make sure that not just everybody can
enter the /root directory (the same a user would do with /home/username
directories). The second change is a mode 1777 for the tmp
directories. This way, any user can write data to the /tmp or /var/tmp
directory but cannot remove another user's files (the latter is caused
by the so-called "sticky bit" - bit 1 of the 1777 bit mask).</para>
<para><screen><userinput>cd $LFS &amp;&amp;</userinput>
<userinput>chmod 0750 root &amp;&amp;</userinput>
<userinput>chmod 1777 tmp var/tmp</userinput></screen></para>
<para>Now that the directories are created, copy the source files that were
downloaded in chapter 3 to some subdirectory under $LFS/usr/src (you
will need to create the desired directory yourself).</para>
<sect2>
<title>FHS compliance notes</title>
<para>The FHS stipulates that the /usr/local directory should contain the
bin, games,include, lib, man, sbin, and share subdirectories. You can
alter your /usr/local directory yourself if you want your system
to be FHS-compliant.</para>
<para>Also, the standard says that there should exist a /usr/share/games
directory, which we don't much like for a base system. But feel free to
make your system FHS-compliant if you wish. The FHS isn't precise as
to the structure of the /usr/local/share subdirectories, so we took the
liberty of creating the directories that we felt needed.</para>
</sect2>
</sect1>
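
Review bot: the umask check in the first three paragraphs of this removed section (run `umask`, expect 022, otherwise `umask 022`) has no counterpart in the new chapter05 creatingdirs.xml; the only place 022 is now set is the lfs user's ~/.bash_profile in installasuser.xml. The mkdir commands rely on it for the 755 default that the later chmod paragraph assumes, so either keep a one-line check at the top of the new section or state there that it must be run from a shell that has already sourced that profile.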

@ -0,0 +1,66 @@
<sect1 id="ch05-creatingdirs">
<title>Creating directories</title>
<?dbhtml filename="creatingdirs.html" dir="chapter05"?>
<para>Let's now create the directory tree on the LFS partition based on
the FHS standard, which can be found at
<ulink url="http://www.pathname.com/fhs/">http://www.pathname.com/fhs/</ulink>.
Issuing the following commands will create a default directory layout:</para>
<para><screen><userinput>cd $LFS &amp;&amp;
mkdir -p bin boot dev/pts etc/opt home lib mnt proc root sbin tmp var opt &amp;&amp;
for dirname in $LFS/usr $LFS/usr/local
<literal>&nbsp;&nbsp;&nbsp;do</literal>
&nbsp;&nbsp;&nbsp;mkdir $dirname
&nbsp;&nbsp;&nbsp;cd $dirname
&nbsp;&nbsp;&nbsp;mkdir bin etc include lib sbin share src var
&nbsp;&nbsp;&nbsp;ln -s share/man
&nbsp;&nbsp;&nbsp;ln -s share/doc
&nbsp;&nbsp;&nbsp;ln -s share/info
&nbsp;&nbsp;&nbsp;cd $dirname/share
&nbsp;&nbsp;&nbsp;mkdir dict doc info locale man nls misc terminfo zoneinfo
&nbsp;&nbsp;&nbsp;cd $dirname/share/man
&nbsp;&nbsp;&nbsp;mkdir man{1,2,3,4,5,6,7,8}
done &amp;&amp;
cd $LFS/var &amp;&amp;
mkdir -p lock log mail run spool tmp opt cache lib/misc local &amp;&amp;
cd $LFS/opt &amp;&amp;
mkdir bin doc include info lib man &amp;&amp;
cd $LFS/usr &amp;&amp;
ln -s ../var/tmp</userinput></screen></para>
<para>Normally, directories are created with permission mode 755, which isn't
desired for all directories. The first change is a mode 0750 for the
$LFS/root directory. This is to make sure that not just everybody can
enter the /root directory (the same a user would do with /home/username
directories). The second change is a mode 1777 for the tmp
directories. This way, any user can write data to the /tmp or /var/tmp
directory but cannot remove another user's files (the latter is caused
by the so-called "sticky bit" - bit 1 of the 1777 bit mask).</para>
<para><screen><userinput>cd $LFS &amp;&amp;
chmod 0750 root &amp;&amp;
chmod 1777 tmp var/tmp</userinput></screen></para>
<para>Now that the directories are created, copy the source files that were
downloaded in chapter 3 to some subdirectory under $LFS/usr/src (you
will need to create the desired directory yourself).</para>
<sect2>
<title>FHS compliance notes</title>
<para>The FHS stipulates that the /usr/local directory should contain the
bin, games,include, lib, man, sbin, and share subdirectories. You can
alter your /usr/local directory yourself if you want your system
to be FHS-compliant.</para>
<para>Also, the standard says that there should exist a /usr/share/games
directory, which we don't much like for a base system. But feel free to
make your system FHS-compliant if you wish. The FHS isn't precise as
to the structure of the /usr/local/share subdirectories, so we took the
liberty of creating the directories that we felt needed.</para>
</sect2>
</sect1>
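
Review bot: the section does not say which user runs the mkdir block, and that now matters because installasuser.xml hands over only the top-level directory with `chown lfs $LFS` (no -R). If the tree is created as root before that step, every subdirectory stays root-owned and user lfs cannot write into it; if it is created as lfs, it has to come after the chown. State the intended order in the first paragraph, or make the chown recursive. Separately, the commands inside the for loop are not joined with `&&`, so a failed `cd $dirname` lets the following mkdir and ln -s run in whatever directory the shell was in; and "games,include" in the FHS note is missing a space.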

@ -1,20 +0,0 @@
<sect1 id="ch05-installasroot">
<title>Install all software as user root</title>
<?dbhtml filename="installasroot.html" dir="chapter05"?>
<para>It's best to log in as root or su's to root when installing the
packages. That way you are assured that all files are owned by user and
group root (and not owned by the userid of the non-root user), and if a
package wants to set special permissions, it can do so without problems
due to non-root access.</para>
<para>The documentation that comes with Glibc, Gcc, and other
packages recommend not to compile the packages as user root. We
feel it's safe to ignore that recommendation and compile as user root
anyway. Hundreds of people using LFS have done so without any problems
whatsoever, and we haven't encountered any bugs in the compile processes
that cause harm. So it's pretty safe (never can be 100% safe though, so
it's up to you what you end up doing).</para>
</sect1>
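
Review bot: the first removed paragraph gave two reasons for building as root, root ownership of the installed files and packages that set special permissions during install, and the replacement text only covers the first one, through the chown in changingowner.xml. Add a sentence to installasuser.xml on what readers should expect when a package's install step tries to set ownership or special permission bits while running as user lfs, and whether those need to be set again after the chapter 6 chown.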

@ -0,0 +1,55 @@
<sect1 id="ch05-installasuser">
<title>Install all software as an unprivileged user</title>
<?dbhtml filename="installasuser.html" dir="chapter05"?>
<para>When you are logged in as root during chapter 5, it is possible
that some files of your host system will be overwritten by the ones
you'll build in chapter 5. There can be all kinds of reasons for this
to happen, for example because the $LFS environment variable is not
set. Overwriting some files from your host system will most likely
cause all kinds of problems, so it's a good idea to be logged in as
an unprivileged user during chapter 5. To make sure the environment
is as clean as possible, we'll create a new user lfs that can be
used while building the static installation. Issuing the following
commands as root will create a new user "lfs":</para>
<para><screen><userinput>useradd -s /bin/bash -m lfs
passwd lfs</userinput></screen></para>
<para>Now it's time to change the permissions on your LFS partitions
so user "lfs" will have write access to it. Run the following command
as root to change the ownership of the LFS partition to user "lfs":</para>
<para><screen><userinput>chown lfs $LFS</userinput></screen></para>
<para>Now you can login as user "lfs". You can do this two ways: either
the normal way through the console or the display manager, or with
<userinput>su - lfs</userinput>. When you're working as user "lfs", type
the following commands to setup a good environment to work in:</para>
<para><screen><userinput>cat >~/.bash_profile <<"EOF"
#!/bin/sh
umask 022
LFS=/mnt/lfs
LC_ALL=POSIX
export LFS LC_ALL
EOF
source ~/.bash_profile</userinput></screen></para>
<para>This profile makes sure the umask is set to 022 so newly created
files and directories will have the correct permission. It is advisable
to keep this setting throughout your LFS installation. Also, the $LFS
and $LC_ALL environment variables are set. $LFS has been explained in
previous chapters already. $LC_ALL is a variable that is used for
internationalization.</para>
<para>When your host distribution uses a glibc version older than 2.2.4,
having $LC_ALL set to something else than "C" or "POSIX" while working
through chapter 5 may cause trouble when you've exited the chrooted
environment of chapter 6 and try to return to it. By setting this to
"POSIX" ("C" is an alias for "POSIX") we ensure that everything will
work as expected in the chrooted environment.</para>
</sect1>
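
Review bot: in the .bash_profile screen, `cat >~/.bash_profile <<"EOF"` carries two raw `<` characters inside <userinput>, while the other screens in this commit escape their shell operators (`&amp;&amp;`). If these files are parsed as XML that line is not well-formed; write it as `&lt;&lt;"EOF"`. Also, `LFS=/mnt/lfs` is hard-coded in the profile even though the opening paragraph names an unset $LFS as the reason for this section, so tell readers to substitute their own mount point. The `#!/bin/sh` line has no effect in a file that is sourced and can be dropped.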

@ -0,0 +1,19 @@
<sect1 id="ch06-changingowner">
<title>Changing ownership of the LFS partition</title>
<?dbhtml filename="changingowner.html" dir="chapter06"?>
<para>Now we're in chroot, it is a good time to change the ownership of
all files and directories that were installed in chapter 5 back to root.
Run the following commands to do so:</para>
<para><screen><userinput>chown 0.0 / /proc &amp;&amp;
chown -R 0.0 /bin /boot /dev /etc /home /lib /mnt /opt /root /sbin /tmp /usr /var</userinput></screen></para>
<para>These commands will change the ownership of the root partition and
the <filename>/proc</filename> directory to root, plus everything under
the directories mentioned in the second line. In these commands, 0.0 is
used instead of the usual root.root, because the username root can't be
resolved because glibc is not yet installed.</para>
</sect1>
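
Review bot: the second command recurses into /dev, /mnt and /home, while /proc is deliberately handled without -R in the first command; say in the text whether anything may be mounted below those directories at this point, since `chown -R` will descend into it. On the first command, `0.0` uses a dot between owner and group; the colon form `0:0` is the standard separator and does not rely on chown's backward-compatible handling of the dot. Wording: "Now we're in chroot" should be "Now that we're in chroot", and the last sentence has a doubled "because".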