robert at linuxfromscratch.org
Sat Oct 18 16:49:59 PDT 2008
If it's possible, I want to install boot scripts to /tools/etc, tell Grub to
use /tools/bin/init, so when we reboot / is basically empty and we start off
on the right foot. This avoids overwriting files on /, and lets us set up
directory and file ownerships so root owns as little as possible. We can't
really set ownerships on the temporary host because uids probably won't be

LFS and CLFS use some hard-coded paths, like /sbin/udevd. There's probably a
reason for this, but since /tools/bin/udevd is the only udevd we have it
shouldn't be a problem to use the udevd in $PATH. Or have PATH=/tools/bin
just for the boot scripts, and PATH=/bin:/usr/bin:/tools/bin for the login

So I think we need a special set of boot scripts for /tools. Minimal, like
CLFS's install-minimal, but with network as an option.

We should also start talking about users and groups.

User "admin": owner of most of the filesystem.

Group "bin": has group write permission on most of the filesystem.

User "installer": is in the bin group, used to install packages, but can't
overwrite files owned by the admin user. Installed packages have their
ownership changed to user admin.

Also, if it's possible, straight off the reboot, I want agetty to run as
non-root. Maybe not today, but it's something to keep in mind. The rebooted
temporary system should be 100% hardened. This can be done in the boot
scripts with execcap and/or Debian's runas program.
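
An added example, not part of the original post and not HLFS project code: a POSIX shell audit of a tree against the admin/bin/installer scheme described above. It assumes one reading of that scheme, namely that group write is granted on directories only and that those directories carry the sticky bit, so a bin-group member can add files but cannot replace or unlink ones owned by admin; the function name `audit_tree` and the finding labels are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a tree against the proposed admin/bin/installer scheme.
# Assumed reading of the scheme (not spelled out in the post):
#   - every file ends up owned by the "admin" user after installation
#   - group "bin" gets write access on directories, never on regular files
#   - group-writable directories are sticky, so a bin member cannot unlink
#     or rename entries that belong to admin

# audit_tree ROOT [OWNER]
# Prints one "KIND<TAB>PATH" line per finding; returns 1 if anything was found.
audit_tree() {
    root=$1
    owner=${2:-admin}          # user name or numeric uid
    findings=$(
        # Left behind by the installer: ownership was never changed to admin.
        find "$root" ! -user "$owner" \
            -exec printf 'not-owned-by-owner\t%s\n' {} \;
        # A group-writable file can be overwritten in place by any bin member.
        find "$root" -type f -perm -020 \
            -exec printf 'group-writable-file\t%s\n' {} \;
        # Group-writable directory without the sticky bit: any bin member can
        # delete or rename admin's files inside it, whatever the file modes.
        find "$root" -type d -perm -020 ! -perm -1000 \
            -exec printf 'unsticky-group-dir\t%s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage (path and user are from the post): audit_tree /tools admin
```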