r124 - in trunk/text: . chapter01 chapter03 chapter06 chapter07 chapter09

robert at linuxfromscratch.org robert at linuxfromscratch.org
Sun Jan 23 05:31:49 PST 2005


Author: robert
Date: 2005-01-23 06:31:48 -0700 (Sun, 23 Jan 2005)
New Revision: 124

Added:
   trunk/text/chapter06/54-sysklogd.txt
   trunk/text/chapter06/55-sysvinit.txt
   trunk/text/chapter06/56-tar.txt
   trunk/text/chapter06/57-udev.txt
   trunk/text/chapter06/58-util-linux.txt
   trunk/text/chapter06/59-stripping.txt
   trunk/text/chapter06/60-revisedchroot.txt
Removed:
   trunk/text/chapter06/54-libol.txt
   trunk/text/chapter06/55-syslog-ng.txt
   trunk/text/chapter06/56-sysvinit.txt
   trunk/text/chapter06/57-tar.txt
   trunk/text/chapter06/58-udev.txt
   trunk/text/chapter06/59-util-linux.txt
   trunk/text/chapter06/60-stripping.txt
   trunk/text/chapter06/61-revisedchroot.txt
Modified:
   trunk/text/README.txt
   trunk/text/chapter01/changelog.txt
   trunk/text/chapter03/packages.txt
   trunk/text/chapter03/patches.txt
   trunk/text/chapter07/02-bootscripts.txt
   trunk/text/chapter09/03-openntpd.txt
Log:
changed to sysklogd

Modified: trunk/text/README.txt
===================================================================
--- trunk/text/README.txt	2005-01-22 20:01:46 UTC (rev 123)
+++ trunk/text/README.txt	2005-01-23 13:31:48 UTC (rev 124)
@@ -1,5 +1,5 @@
-Hardened Linux From Scratch - 20050122
-January 22nd, 2005
+Hardened Linux From Scratch - 20050123
+January 23rd 2005
 
 - Who willed you? or whose will stands but mine?
   There's none protector of the realm but I.
@@ -7,7 +7,7 @@
 
 This is the snapshot release of HLFS featuring uClibc, Glibc, ProPolice Stack
 Protector, PaX, Grsecurity, Position Independent Executable (PIE) tool chain,
-and Frandom Random Number Suite.
+Frandom Random Number Suite, and privilege seperation for most daemons.
 See: http://www.linuxfromscratch.org/hlfs/ (HLFS Homepage)
      http://www.uclibc.org/ (uClibc Homepage)
      http://www.trl.ibm.com/projects/security/ssp/ (Stack Protector Homepage)
@@ -34,6 +34,10 @@
 are suitable. Coreutils' uname(1), because of non-pic assembly code, and Grub
 are also exceptions to -pie/relro/now.
 
+Sysklogd root privilege seperation was added. Thanks to CAEN and Owl Linux.
+OpenNTPD was added to optional packages and also supports privilege seperation.
+Dhcp, and others, with privilege seperation are comming shortly.
+
 If you plan to use Iptables with Grsecurity go to:
 http://www.grsecurity.net/download.php
 and use the Iptables patch.

Modified: trunk/text/chapter01/changelog.txt
===================================================================
--- trunk/text/chapter01/changelog.txt	2005-01-22 20:01:46 UTC (rev 123)
+++ trunk/text/chapter01/changelog.txt	2005-01-23 13:31:48 UTC (rev 124)
@@ -15,8 +15,12 @@
 Added rdate to chapter 9, and bootscripts. Using ldflags=-pie works better
 than cflags in chap6 gcc. Added with-random=erandom to mktemp's configure.
 
-January 21st, 2005 [Robert]
+January 22nd, 2005 [Robert]
 Added --with-gnu-ld to e2fsprogs to deal with broken configure script, this
 is only a cosmetic issue. Added an suers group, and restricted /bin/su to
 that group in chapter07/suid.txt.
 
+January 23rd, 2005 [Robert]
+Replaced syslog-ng with sysklogd from lfs-5.1.1; with patches for root priv
+drop.
+

Modified: trunk/text/chapter03/packages.txt
===================================================================
--- trunk/text/chapter03/packages.txt	2005-01-22 20:01:46 UTC (rev 123)
+++ trunk/text/chapter03/packages.txt	2005-01-23 13:31:48 UTC (rev 124)
@@ -50,8 +50,7 @@
 http://procps.sourceforge.net/procps-3.2.4.tar.gz
 http://umn.dl.sourceforge.net/sourceforge/psmisc/psmisc-21.5.tar.gz
 ftp://ftp.pld.org.pl/software/shadow/shadow-4.0.6.tar.bz2
-http://www.balabit.com/downloads/syslog-ng/libol/0.3/libol-0.3.14.tar.gz
-http://www.balabit.com/downloads/syslog-ng/1.6/src/syslog-ng-1.6.5.tar.gz
+http://www.infodrom.org/projects/sysklogd/download/sysklogd-1.4.1.tar.gz
 ftp://ftp.cistron.nl/pub/people/miquels/sysvinit/sysvinit-2.86.tar.gz
 ftp://ftp.kernel.org/pub/linux/utils/kernel/hotplug/udev-050.tar.bz2
 http://downloads.linuxfromscratch.org/udev-config-2.permissions

Modified: trunk/text/chapter03/patches.txt
===================================================================
--- trunk/text/chapter03/patches.txt	2005-01-22 20:01:46 UTC (rev 123)
+++ trunk/text/chapter03/patches.txt	2005-01-23 13:31:48 UTC (rev 124)
@@ -22,8 +22,8 @@
 http://www.grsecurity.net/grsecurity-2.1.0-2.6.10-200501081640.patch
 http://www.linuxfromscratch.org/patches/downloads/hlfs/inetutils-1.4.2-kernel_headers-1.patch
 http://www.linuxfromscratch.org/patches/downloads/hlfs/inetutils-1.4.2-no_server_man_pages-1.patch
-http://www.linuxfromscratch.org/patches/downloads/iproute2/iproute2-2.6.9_ss040831-find_update-1.patch
-http://www.linuxfromscratch.org/patches/downloads/iproute2/iproute2-2.6.9_ss040831-remove_db-1.patch
+http://www.linuxfromscratch.org/patches/downloads/hlfs/iproute2-2.6.9_ss040831-find_update-1.patch
+http://www.linuxfromscratch.org/patches/downloads/hlfs/iproute2-2.6.9_ss040831-remove_db-1.patch
 http://www.linuxfromscratch.org/patches/downloads/hlfs/linux-2.6.10-frandom-1.patch
 http://www.grsecurity.net/linux-2.6.10-secfix-200501071130.patch
 http://www.linuxfromscratch.org/patches/downloads/hlfs/linux-libc-headers-2.6-frandom-2.patch
@@ -32,6 +32,8 @@
 http://www.linuxfromscratch.org/patches/downloads/hlfs/perl-5.8.6-uClibc-1.patch
 http://www.linuxfromscratch.org/patches/downloads/hlfs/readline-5.0-fixes-1.patch
 http://www.linuxfromscratch.org/patches/downloads/hlfs/shadow-4.0.6-uClibc-1.patch
+http://www.linuxfromscratch.org/patches/downloads/hlfs/sysklogd-1.4.1-priv_sep-1.patch
+http://www.linuxfromscratch.org/patches/downloads/hlfs/sysklogd-1.4.1-fixes-1.patch
 http://www.linuxfromscratch.org/patches/downloads/hlfs/uClibc-0.9.27-config-1.patch
 http://www.linuxfromscratch.org/patches/downloads/hlfs/uClibc-0.9.27-ssp-2.patch
 http://www.linuxfromscratch.org/patches/downloads/hlfs/util-linux-2.12p-fPIC-1.patch

Deleted: trunk/text/chapter06/54-libol.txt
===================================================================
--- trunk/text/chapter06/54-libol.txt	2005-01-22 20:01:46 UTC (rev 123)
+++ trunk/text/chapter06/54-libol.txt	2005-01-23 13:31:48 UTC (rev 124)
@@ -1,6 +0,0 @@
-- Chapter 6 - Installing Libol 0.3.14
-
-./configure --prefix=/usr ${disable_nls} &&
-make &&
-make install
-

Copied: trunk/text/chapter06/54-sysklogd.txt (from rev 115, trunk/text/chapter06/55-syslog-ng.txt)
===================================================================
--- trunk/text/chapter06/55-syslog-ng.txt	2005-01-21 06:26:25 UTC (rev 115)
+++ trunk/text/chapter06/54-sysklogd.txt	2005-01-23 13:31:48 UTC (rev 124)
@@ -0,0 +1,62 @@
+- Chapter 6 - Installing Sysklogd 1.4.1
+
+# This patch adds a long list of fixes taken from cvs. See the CHANGES file
+# for more details.
+
+patch -Np1 -i ../sysklogd-1.4.1-fixes-1.patch
+
+# This patch adds support for running syslogd and klogd as an unprivileged
+# user. It also adds a chroot feature to klogd.
+
+patch -Np1 -i ../sysklogd-1.4.1-priv_sep-1.patch
+
+# By default Sysklogd will create new log files with world readable
+# permissions. This command will allow only group root to read logs. You
+# can adjust if you prefer to only allow user root to read logs.
+
+sed -e 's/0644/0640/' -i syslogd.c
+
+# The unprivileged users will not be real users. They should never have a
+# password or a real shell. They should not have ownership to any files or
+# directories. They effectively have the permissions of 'nobody'. The klogd
+# user will change root to /var/empty. Other daemons will also use this
+# directory as an empty chroot. Private groups are also added to reduce
+# these user's permissions further.
+
+install -o root -g sys -d /var/empty &&
+groupadd syslogd &&
+groupadd klogd &&
+useradd -g syslogd -s /bin/false -d /var/empty -c 'Syslogd daemon' syslogd &&
+useradd -g klogd -s /bin/false -d /var/empty -c 'Klogd daemon' klogd
+
+# Then make and install Sysklogd.
+
+make RPM_OPT_FLAGS="-pie -fPIE" &&
+make install
+
+# Please note when syslogd is started it opens the log files as root, then
+# drops to the unprivileged user. If syslogd is reloaded with SIGHUP it will
+# attempt to open the log files as the unprivileged user. Therefore the
+# 'reload' switch has been removed from the Sysklogd boot script, and we
+# suggest you only use 'restart' instead. To be able to use SIGHUP the log
+# files must be writtable by the unprivileged user. Klogd has a similiar issue
+# because it can not read kernel symbol information from within the chroot.
+
+# Sysklogd needs a configuration file.
+
+cat > syslog.conf.new << "EOF"
+# Begin /etc/syslog.conf
+
+auth,authpriv.* -/var/log/auth.log
+*.*;auth,authpriv.none -/var/log/sys.log
+daemon.* -/var/log/daemon.log
+kern.* -/var/log/kern.log
+mail.* -/var/log/mail.log
+user.* -/var/log/user.log
+*.emerg *
+
+# End /etc/syslog.conf
+EOF
+
+install -m644 syslog.conf.new /etc/syslog.conf
+

Deleted: trunk/text/chapter06/55-syslog-ng.txt
===================================================================
--- trunk/text/chapter06/55-syslog-ng.txt	2005-01-22 20:01:46 UTC (rev 123)
+++ trunk/text/chapter06/55-syslog-ng.txt	2005-01-23 13:31:48 UTC (rev 124)
@@ -1,90 +0,0 @@
-- Chapter 6 - Installing Syslog-ng 1.6.5
-
-env CC="gcc -pie -fPIE" \
-./configure --prefix=/usr --sysconfdir=/etc \
-	${disable_nls} &&
-make &&
-make install
-
-# Then create a configuration file.
-
-cat > syslog-ng.conf.new << "EOF"
-# Begin /etc/syslog-ng/syslog-ng.conf
-
-options {       sync (0);
-                time_reopen (10);
-                log_fifo_size (1000);
-                long_hostnames(off); 
-                use_dns (no);
-                use_fqdn (no);
-                create_dirs (no);
-                keep_hostname (yes);
-        };
-
-source src {    unix-stream("/dev/log");
-                internal();
-                pipe("/proc/kmsg");
-            };
-
-destination authlog { file("/var/log/authorize.log"); };
-destination syslog { file("/var/log/syslog.log"); };
-destination cron { file("/var/log/cron.log"); };
-destination daemon { file("/var/log/daemon.log"); };
-destination kernel { file("/var/log/kernel.log"); };
-destination lpr { file("/var/log/lpr.log"); };
-destination user { file("/var/log/user.log"); };
-destination uucp { file("/var/log/uucp.log"); };
-destination mail { file("/var/log/mail.log"); };
-destination news { file("/var/log/news.log"); };
-destination debug { file("/var/log/debug.log"); };
-destination messages { file("/var/log/messages.log"); };
-destination everything { file("/var/log/everything.log"); };
-destination console { usertty("root"); };
-destination console_all { file("/dev/tty12"); };
-
-filter f_auth { facility(auth); };
-filter f_authpriv { facility(auth, authpriv); };
-filter f_syslog { not facility(authpriv, mail); };
-filter f_cron { facility(cron); };
-filter f_daemon { facility(daemon); };
-filter f_kernel { facility(kern); };
-filter f_lpr { facility(lpr); };
-filter f_mail { facility(mail); };
-filter f_news { facility(news); };
-filter f_user { facility(user); };
-filter f_uucp { facility(uucp); };
-filter f_debug { not facility(auth, authpriv, news, mail); };
-filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news); };
-filter f_everything { level(debug..emerg) and not facility(auth, authpriv); };
-
-filter f_emergency { level(emerg); };
-filter f_info { level(info); };
-filter f_notice { level(notice); };
-filter f_warn { level(warn); };
-filter f_crit { level(crit); };
-filter f_err { level(err); };
-
-log { source(src); filter(f_authpriv); destination(authlog); };
-log { source(src); filter(f_syslog); destination(syslog); };
-log { source(src); filter(f_cron); destination(cron); };
-log { source(src); filter(f_daemon); destination(daemon); };
-log { source(src); filter(f_kernel); destination(kernel); };
-log { source(src); filter(f_lpr); destination(lpr); };
-log { source(src); filter(f_mail); destination(mail); };
-log { source(src); filter(f_news); destination(news); };
-log { source(src); filter(f_user); destination(user); };
-log { source(src); filter(f_uucp); destination(uucp); };
-log { source(src); filter(f_debug); destination(debug); };
-log { source(src); filter(f_messages); destination(messages); };
-log { source(src); filter(f_emergency); destination(console); };
-log { source(src); filter(f_everything); destination(everything); };
-log { source(src); destination(console_all); };
-
-# END /etc/syslog-ng/syslog-ng.conf
-EOF
-
-# And install the new configuration file.
-
-install -d /etc/syslog-ng &&
-install -m644 syslog-ng.conf.new /etc/syslog-ng/syslog-ng.conf
-

Copied: trunk/text/chapter06/55-sysvinit.txt (from rev 115, trunk/text/chapter06/56-sysvinit.txt)

Deleted: trunk/text/chapter06/56-sysvinit.txt
===================================================================
--- trunk/text/chapter06/56-sysvinit.txt	2005-01-22 20:01:46 UTC (rev 123)
+++ trunk/text/chapter06/56-sysvinit.txt	2005-01-23 13:31:48 UTC (rev 124)
@@ -1,42 +0,0 @@
-- Chapter 6 - Installing Sysvinit 2.86
-
-sed -i 's at Sending processes@& started by init at g' \
-    src/init.c &&
-make -C src CC="gcc -pie -fPIE" &&
-make -C src install
-
-# Then create a configuration file.
-
-cat > inittab.new << "EOF"
-# Begin /etc/inittab
-
-id:3:initdefault:
-
-si::sysinit:/etc/rc.d/init.d/rc sysinit
-
-l0:0:wait:/etc/rc.d/init.d/rc 0
-l1:S1:wait:/etc/rc.d/init.d/rc 1
-l2:2:wait:/etc/rc.d/init.d/rc 2
-l3:3:wait:/etc/rc.d/init.d/rc 3
-l4:4:wait:/etc/rc.d/init.d/rc 4
-l5:5:wait:/etc/rc.d/init.d/rc 5
-l6:6:wait:/etc/rc.d/init.d/rc 6
-
-ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
-
-su:S016:once:/sbin/sulogin
-
-1:2345:respawn:/sbin/agetty -I '\033(K' tty1 9600
-2:2345:respawn:/sbin/agetty -I '\033(K' tty2 9600
-3:2345:respawn:/sbin/agetty -I '\033(K' tty3 9600
-4:2345:respawn:/sbin/agetty -I '\033(K' tty4 9600
-5:2345:respawn:/sbin/agetty -I '\033(K' tty5 9600
-6:2345:respawn:/sbin/agetty -I '\033(K' tty6 9600
-
-# End /etc/inittab
-EOF
-
-# Then install the configuration file.
-
-install -m644 inittab.new /etc/inittab
-

Copied: trunk/text/chapter06/56-tar.txt (from rev 115, trunk/text/chapter06/57-tar.txt)

Deleted: trunk/text/chapter06/57-tar.txt
===================================================================
--- trunk/text/chapter06/57-tar.txt	2005-01-22 20:01:46 UTC (rev 123)
+++ trunk/text/chapter06/57-tar.txt	2005-01-23 13:31:48 UTC (rev 124)
@@ -1,15 +0,0 @@
-- Chapter 6 - Installing Tar 1.15.1
-
-env CC="gcc -pie -fPIE" \
-./configure --prefix=/usr --bindir=/bin \
-	--libexecdir=/usr/sbin ${disable_nls} &&
-make
-
-# Run the test suite if you like.
-
-make check
-
-# Then install Tar.
-
-make install
-

Copied: trunk/text/chapter06/57-udev.txt (from rev 115, trunk/text/chapter06/58-udev.txt)

Deleted: trunk/text/chapter06/58-udev.txt
===================================================================
--- trunk/text/chapter06/58-udev.txt	2005-01-22 20:01:46 UTC (rev 123)
+++ trunk/text/chapter06/58-udev.txt	2005-01-23 13:31:48 UTC (rev 124)
@@ -1,17 +0,0 @@
-- Chapter 6 - Installing Udev 050
-
-# Build Udev.
-
-make udevdir=/dev
-
-# Then install Udev.
-
-make udevdir=/dev install &&
-install -m644 ../udev-config-2.permissions \
-	/etc/udev/permissions.d/25-lfs.permissions &&
-install -m644 ../udev-config-1.rules /etc/udev/rules.d/25-lfs.rules
-
-# Then start the program to set up /dev.
-
-/sbin/udevstart
-

Copied: trunk/text/chapter06/58-util-linux.txt (from rev 115, trunk/text/chapter06/59-util-linux.txt)

Copied: trunk/text/chapter06/59-stripping.txt (from rev 115, trunk/text/chapter06/60-stripping.txt)
===================================================================
--- trunk/text/chapter06/60-stripping.txt	2005-01-21 06:26:25 UTC (rev 115)
+++ trunk/text/chapter06/59-stripping.txt	2005-01-23 13:31:48 UTC (rev 124)
@@ -0,0 +1,33 @@
+- Chapter 6 - Stripping
+
+# First log out.
+
+logout
+
+# Change-root back in using /tools/bin/bash as the shell.
+
+chroot $LFS /tools/bin/env -i \
+	HOME=/root TERM=$TERM PS1='\u:\w\$ ' \
+	PATH=/bin:/usr/bin:/sbin:/usr/sbin \
+	/tools/bin/bash --login
+
+# Strip the libraries.
+
+/tools/bin/find /{,usr}/lib -type f \
+	-exec /tools/bin/strip --strip-debug '{}' ';'
+
+# Then strip the programs.
+
+/tools/bin/strip --strip-all /{,usr/}{bin,sbin}/*
+
+# A couple GCC programs are located in /usr/lib, they can be fully stripped.
+# Only one of these commands will work depending on which Libc you installed.
+
+/tools/bin/strip --strip-all \
+	/usr/lib/gcc/$(uname -m)-pc-linux-gnu/3.4.3/{cc1*,collect2}
+
+# Or
+
+/tools/bin/strip --strip-all \
+        /usr/lib/gcc/$(uname -m)-pc-linux-uclibc/3.4.3/{cc1*,collect2}
+

Deleted: trunk/text/chapter06/59-util-linux.txt
===================================================================
--- trunk/text/chapter06/59-util-linux.txt	2005-01-22 20:01:46 UTC (rev 123)
+++ trunk/text/chapter06/59-util-linux.txt	2005-01-23 13:31:48 UTC (rev 124)
@@ -1,23 +0,0 @@
-- Chapter 6 - Installing Util-linux 2.12p
-
-# First apply this patch. This is needed regardless whether you will
-# link Util-linux statically or not because our GCC compiles PIC by
-# default. Also reset the path to 'adjtime' and create the directory.
-
-patch -Np1 -i ../util-linux-2.12p-fPIC-1.patch &&
-sed -i 's at etc/adjtime at var/lib/hwclock/adjtime at g' hwclock/hwclock.c &&
-install -d /var/lib/hwclock
-
-# This patch fixes a problem util-linux has with newer libc-linux-headers.
-
-patch -Np1 -i ../util-linux-2.12p-cramfs-1.patch
-
-# Configure make make util-linux.
-
-./configure &&
-make HAVE_KILL=yes HAVE_SLN=yes
-
-# Then install util-linux.
-
-make HAVE_KILL=yes HAVE_SLN=yes install
-

Copied: trunk/text/chapter06/60-revisedchroot.txt (from rev 115, trunk/text/chapter06/61-revisedchroot.txt)

Deleted: trunk/text/chapter06/60-stripping.txt
===================================================================
--- trunk/text/chapter06/60-stripping.txt	2005-01-22 20:01:46 UTC (rev 123)
+++ trunk/text/chapter06/60-stripping.txt	2005-01-23 13:31:48 UTC (rev 124)
@@ -1,20 +0,0 @@
-- Chapter 6 - Stripping
-
-# First log out.
-logout
-
-# Change-root back in using /tools/bin/bash as the shell.
-
-chroot $LFS /tools/bin/env -i \
-	HOME=/root TERM=$TERM PS1='\u:\w\$ ' \
-	PATH=/bin:/usr/bin:/sbin:/usr/sbin \
-	/tools/bin/bash --login
-
-# Then strip the new system.
-
-/tools/bin/find /{,usr/}{bin,lib,sbin} -type f \
-	-exec /tools/bin/strip --strip-debug '{}' ';'
-
-# The system should be about 1.1GB including /tools and /sources.
-# About 800MB without /tools and /sources.
-

Deleted: trunk/text/chapter06/61-revisedchroot.txt
===================================================================
--- trunk/text/chapter06/61-revisedchroot.txt	2005-01-22 20:01:46 UTC (rev 123)
+++ trunk/text/chapter06/61-revisedchroot.txt	2005-01-23 13:31:48 UTC (rev 124)
@@ -1,13 +0,0 @@
-- Chapter 6 - Revised Chroot
-
-# Log out from the previous chroot used for stripping.
-
-logout
-
-# Then change-root back in.
-
-chroot "$LFS" /usr/bin/env -i \
-	HOME=/root TERM="$TERM" PS1='\u:\w\$ ' \
-	PATH=/bin:/usr/bin:/sbin:/usr/sbin \
-	/bin/bash --login
-

Modified: trunk/text/chapter07/02-bootscripts.txt
===================================================================
--- trunk/text/chapter07/02-bootscripts.txt	2005-01-22 20:01:46 UTC (rev 123)
+++ trunk/text/chapter07/02-bootscripts.txt	2005-01-23 13:31:48 UTC (rev 124)
@@ -3,6 +3,7 @@
 # First install lfs-bootscripts. Hotplug and syslog-ng are installed
 # by default with the new version of lfs-bootscripts.
 
+patch -Np1 -i ../lfs-bootscripts-3.1.0-hlfs-1.patch &&
 make install
 
 # The erandom and frandom devices are not found by udev, so we need to

Modified: trunk/text/chapter09/03-openntpd.txt
===================================================================
--- trunk/text/chapter09/03-openntpd.txt	2005-01-22 20:01:46 UTC (rev 123)
+++ trunk/text/chapter09/03-openntpd.txt	2005-01-23 13:31:48 UTC (rev 124)
@@ -19,13 +19,13 @@
 # This version of the Network Time Protocol Daemon uses privilege separation,
 # like OpenSSH's daemon. We will need to add a dedicated group and user.
 
-install -o root -g sys -d /var/empty &&
-groupadd _ntp &&
-useradd -g _ntp -s /bin/false -d /var/empty -c 'OpenNTP daemon' _ntp
+groupadd ntp &&
+useradd -g ntp -s /bin/false -d /var/empty -c 'OpenNTP daemon' ntp
 
 # Then configure and install OpenNTPD.
 
-./configure --prefix=/usr --sysconfdir=/etc &&
+./configure --prefix=/usr --sysconfdir=/etc \
+	--with-privsep-user=ntp &&
 make &&
 make install
 




More information about the hlfs-dev mailing list