gronod/lfs
1
0
Fork 0
mirror of https://git.linuxfromscratch.org/lfs.git synced 2025-06-18 19:29:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
39679232f7
lfs/chapter02/aboutlfs.xml
Xi Ruoyao 39679232f7
Move the explanation of umask 022 from settingenviron to aboutlfs 
Explain it once we use it.  Also fix an error in the text (we don't make
files executable, we only make directories searchable).
2025-01-12 11:56:30 +08:00

94 lines
4.4 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../general.ent">
%general-entities;
]>
<sect1 id="ch-partitioning-aboutlfs">
<?dbhtml filename="aboutlfs.html"?>
<title>Setting the $LFS Variable and the Umask</title>
<para>Throughout this book, the environment variable <envar>LFS</envar> will
be used several times. You should ensure that this variable is always defined
throughout the LFS build process. It should be set to the name of the
directory where you will be building your LFS system - we will use
<filename class="directory">/mnt/lfs</filename> as an example, but you may
choose any directory name you want. If you are building LFS on a separate
partition, this directory will be the mount point for the partition.
Choose a directory location and set the variable with the
following command:</para>
<screen role="nodump"><userinput>export LFS=<replaceable>/mnt/lfs</replaceable></userinput></screen>
<para>Having this variable set is beneficial in that commands such as
<command>mkdir -v $LFS/tools</command> can be typed literally. The shell
will automatically replace <quote>$LFS</quote> with
<quote>/mnt/lfs</quote> (or whatever value the variable was set to) when it
processes the command line.</para>
<para>Now setting the file mode creation mask (umask) to
<literal>022</literal> in case the host distro uses a different
default:</para>
<screen role="nodump"><userinput>umask 022</userinput></screen>
<para>Setting the umask to 022 ensures that newly created files and
directories are only writable by their owner, but are readable and
searchable (only for directories) by anyone (assuming default modes are
used by the <ulink role='man' url='&man;open.2'>open(2)</ulink> system
call, new files will end up with permission mode 644 and directories with
mode 755). An over-permissive default can leave security holes in the
LFS system, and an over-restrictive default can cause strange issues
building or using the LFS system.</para>
<caution>
<para>Do not forget to check that <envar>LFS</envar> is set and the
umask is set to <literal>022</literal> whenever
you leave and reenter the current working environment (such as when doing a
<command>su</command> to <systemitem class="username">root</systemitem> or
another user). Check that the <envar>LFS</envar> variable is set up
properly with:</para>
<screen role="nodump"><userinput>echo $LFS</userinput></screen>
<para>Make sure the output shows the path to your LFS system's build
location, which is <filename class="directory">/mnt/lfs</filename> if the
provided example was followed.</para>
<para>Check that the umask is set up properly with:</para>
<screen role="nodump"><userinput>umask</userinput></screen>
<para>The output should be <computeroutput>022</computeroutput>.</para>
<para>If any output of these two commands is incorrect, use the command
given earlier on this page to set <envar>$LFS</envar> to the correct
directory name and set umask to <literal>022</literal>.</para></caution>
<note><para>One way to ensure that the <envar>LFS</envar> variable and the
umask are always set properly is to edit the
<filename>.bash_profile</filename> file in both your personal home
directory and in <filename>/root/.bash_profile</filename> and
enter the <command>export</command> and <command>umask</command> commands
above. In addition, the shell specified in the
<filename>/etc/passwd</filename> file for all users that need the
<envar>LFS</envar> variable must be bash to ensure that the
<filename>.bash_profile</filename> file is incorporated as a part of
the login process.</para>
<para>Another consideration is the method that is used to log into the
host system. If logging in through a graphical display manager, the
user's <filename>.bash_profile</filename> is not normally used when
a virtual terminal is started. In this case, add the commands to
the <filename>.bashrc</filename> file for the user and
<systemitem class="username">root</systemitem>. In addition,
some distributions use an "if" test, and do not run the remaining <filename>.bashrc</filename>
instructions for a non-interactive bash invocation. Be sure to place the
commands ahead of the test for non-interactive use.</para>
</note>
</sect1>
Reference in New Issue View Git Blame Copy Permalink