Onward branch

Robert Connolly robert at linuxfromscratch.org
Sat Oct 18 16:49:59 PDT 2008


If it's possible, I want to install boot scripts to /tools/etc, tell Grub to 
use /tools/bin/init, so when we reboot / is basically empty and we start off 
on the right foot. This avoids overwriting files on /, and lets us set up 
directory and file ownerships so root owns as little as possible. We can't 
really set ownerships on the temporary host because uids probably won't be 
the same.

LFS and CLFS use some hard-coded paths, like /sbin/udevd. There's probably a 
reason for this, but since /tools/bin/udevd is the only udevd we have it 
shouldn't be a problem to use the udevd in $PATH. Or have PATH=/tools/bin 
just for the boot scripts, and PATH=/bin:/usr/bin:/tools/bin for the login 
user.

So I think we need a special set of boot scripts for /tools. Minimal, like 
CLFS's install-minimal, but with network as an option.

We should also start talking about users and groups.

User "admin": owner of most of the filesystem.

Group "bin": has group write permission on most of the filesystem.

User "installer": is in the bin group, used to install packages, but can't 
overwrite files owned by the admin user. Installed packages have their 
ownership changed to user admin.

Also, if it's possible, straight off the reboot, I want agetty to run as 
non-root. Maybe not today, but it's something to keep in mind. The rebooted 
temporary system should be 100% hardened. This can be done in the boot 
scripts with execcap and/or Debian's runas program.

robert
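
One way to audit a tree against the admin/bin/installer scheme described in the message above. This is an added example, not part of the original post or of the HLFS project. The function name, the script name audit.sh, and the layout it checks (files without group write, group-writable directories carrying the sticky bit) are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed layout: files are
# OWNER:GROUP without group write; group-writable directories are sticky.

# audit_ownership DIR OWNER GROUP
# OWNER and GROUP may be names or numeric ids. Prints one line per finding
# and returns 1 if anything was found, 0 if the tree is clean.
audit_ownership() {
    ao_dir=$1 ao_owner=$2 ao_group=$3
    ao_findings=$(
        # Left behind as the installer (or root) instead of being handed over.
        find "$ao_dir" ! -user "$ao_owner" | sed 's/^/wrong owner: /'
        find "$ao_dir" ! -group "$ao_group" | sed 's/^/wrong group: /'
        # Group write on a file lets any group member rewrite it in place.
        find "$ao_dir" -type f -perm -0020 | sed 's/^/group-writable file: /'
        # Write access to a non-sticky directory allows unlinking and
        # replacing entries there regardless of who owns them.
        find "$ao_dir" -type d -perm -0020 ! -perm -1000 |
            sed 's/^/group-writable directory without sticky bit: /'
    )
    if [ -n "$ao_findings" ]; then
        printf '%s\n' "$ao_findings"
        return 1
    fi
    return 0
}

# Usage: sh audit.sh /tools admin bin
if [ "$#" -eq 3 ]; then
    audit_ownership "$@"
fi
```

Run it after each package has been handed over to the admin user; any output means an entry still belongs to the installer or root, or can be modified through the bin group.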