system file ownership

Robert Connolly robert at linuxfromscratch.org
Sun Jun 3 19:01:05 PDT 2007


To expand on this thread. I've always thought it would be a good idea to do 
all the builds as non-root. None of the builds need root privileges, and it's 
not a good habit to be logged in as root doing things that a normal user can 
do.

With /tools/bin/su installed for the Coreutils and Bash test suites, su can 
also be used to drop down to the 'system' user (who does not have a 
password), who owns the majority of the public directories and files.

There's a issue with the uid being for a different user inside and outside the 
chroot, but something like 'uid 1' is almost never a login user, so it 
shouldn't be a problem.

This was discussed on this list years ago, and it was thought that the root 
account is better guarded than the others, and so files owned by root would 
also have better protection. But if we consider that root's superuser file 
modification capabilities can be dropped with suid programs, then there's an 
advantage to breaking up administrative privileges into different users and 
roles.

robert
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20070603/7a27548a/attachment.sig>


More information about the hlfs-dev mailing list