jhalfs: why su - (user)
georgeb at linuxfromscratch.org
Fri Aug 4 16:54:11 PDT 2006
Dan Nicholson wrote:
> On 8/4/06, George Boudreau <georgeb at linuxfromscratch.org> wrote:
>> ..Dan's work made me think of this..
>> If we can pick our user/group and all looks well is there a
>> reason we should keep ... su - $(LUSER)... at all. You will still need
>> root priv or sudo to build the final stages so privileges are not an
>> issue. As usual it is easier to state than code and gremlins pop up in
>> the least likely places.
> The reason why switching to the unprivileged user is so important is
> so you don't inadvertently mangle the host during the temp stage.
> Obviously, a scripted build guards against that, but if there are bugs
> in the book or script... Is that what you were asking?
Nope, not really, but after I wrote a novella reply on the subject I
answered my own question. Yes, the code could be removed and the onus
would be on the builder to safeguard his/her system by building from a
lo-priv account. This is too little reward for the risk to the builder's
system. I know of no 'simple' way to reduce user privs to minimize the
exposure of the host system to damage. (I miss VMS 'set proc/priv' switches.)
I was also looking to mimic the book's use of the user account, enter
the account once and build the temporary tools and leave. The idea of
switching in and out of a command shell a few hundred times is irksome
but I will live with it.
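The privilege-separation point Dan raises (a bug in the book or the script must not be able to touch the host during the temporary-tools stage) as an added shell example. This is not jhalfs code and was not posted in the thread; the build user name lfs, the /mnt/lfs tree and the /tools/bin prefix are assumptions standing in for whatever the build driver is configured with.

```shell
#!/bin/sh
# Added example, not part of jhalfs. Shows how a build driver can guarantee the
# temporary-tools stage never runs as root, and how it re-enters the build as the
# unprivileged user with a scrubbed environment (the book's "su - lfs" + "env -i").
# Assumed placeholders: user "lfs", tree /mnt/lfs, tools prefix /tools/bin.
set -eu

# Refuse to continue if the effective uid is root.
# Argument: numeric uid to check (defaults to the caller's own uid).
require_unprivileged() {
    uid=${1:-$(id -u)}
    if [ "$uid" -eq 0 ]; then
        echo "refusing to build temporary tools as root" >&2
        return 1
    fi
    return 0
}

# Build (but do not run) the command that executes one build step as LUSER.
# "su -" gives a login shell; "env -i" throws away the caller's environment so
# that stray variables from the host cannot leak into the build; only the few
# variables the build needs are set explicitly. Printing the command lets a
# reviewer inspect exactly what will be run.
luser_command() {
    luser=$1
    step=$2
    printf 'su - %s -c "exec env -i HOME=/home/%s LFS=/mnt/lfs PATH=/tools/bin:/bin:/usr/bin /bin/sh -e -c %s"\n' \
        "$luser" "$luser" "'$step'"
}

# Run one temporary-tools step with the right identity:
#   - already the build user: run it directly (after confirming we are not root)
#   - root: drop to the build user via the command above
#   - anyone else: refuse, since we can neither su nor trust the current account
run_temptools_step() {
    luser=$1
    step=$2
    if [ "$(id -un)" = "$luser" ]; then
        require_unprivileged
        sh -e -c "$step"
    elif [ "$(id -u)" -eq 0 ]; then
        eval "$(luser_command "$luser" "$step")"
    else
        echo "must be root (to su into $luser) or $luser itself" >&2
        return 1
    fi
}

# Usage: ./temptools.sh lfs 'make -C /mnt/lfs/jhalfs temptools'
if [ $# -ge 2 ]; then
    run_temptools_step "$1" "$2"
fi
```

The point of generating the su command as a string is that the whole privilege boundary (which user, which environment, which PATH) is visible in one line and can be checked before anything is executed, rather than being assembled piecemeal across a Makefile.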
More information about the alfs-discuss