robert at linuxfromscratch.org
Tue Sep 16 19:20:56 PDT 2008
On Monday September 15 2008 03:17:04 am Jan Dvorak wrote:
> > The more_control_and_pkg_man.txt hint system is tedious, but it
> > identifies every problem with filesystem permissions and packages, for
> > us. It's a big helper.
> Nope, it's total overkill. You never ever run a program under a package
> user. The only reason for them is to install files safely, which can be
> done without polluting your passwd and group files and making all *nix
> people around scream with horror after looking at `ls -l` output.
An alternative would be two users, an owner (user-1) of most of the filesystem
(/usr, /lib, /bin), and a build user (user-2). The two users are in the same
group. user-2 has write permission on /usr, and can install there, but can't
overwrite user-1's files. After an install, the new files have their
ownership changed from user-2 to user-1, and group-write removed. This keeps
packages from overwriting each other, an installed-files list can be made for
each package before (or during) ownership change, and it only involves two
The installed-files list is useful if you want to reinstall, or upgrade, a
package, so the file ownerships can be flipped back to user-2. Without this
file list, it would be a nightmare to reinstall a package.
After the base system is installed, /lib, /bin, and /sbin, can have their
group write removed, so user-2 can't install there anymore. This can be
helpful with packages that are not in the blfs book, and that install in
strange places. /lib/modules could remain group writable.
Disk devices, in /dev/, might also benefit by being owned by non-root.
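The two-user scheme described in the message above, sketched as shell functions. This is an added example, not part of the original post or of any hint or LFS script; the function names, the one-path-per-line manifest format and the paths are assumptions, and handing files to a different user has to be run as root.

```shell
#!/bin/bash
# Added example. user-1 (owner) and user-2 (build user) are the roles from
# the message; everything else here is a hypothetical name.
set -eu

# List everything under PREFIX that the build user owns, i.e. what the
# package just installed, one path per line.
# Assumes no file name contains a newline.
record_manifest() {  # PREFIX BUILD_USER MANIFEST
    find "$1" -mindepth 1 -user "$2" -print | sort > "$3"
}

# Hand the listed files to the owner and remove group-write, so the build
# user can no longer modify them.
handoff() {  # MANIFEST OWNER
    while IFS= read -r path; do
        # -h changes a symlink itself; without it a package-created link
        # could redirect the ownership change to a file outside the prefix.
        chown -h "$2" "$path"
        # chmod follows symlinks, so links are skipped here.
        [ -L "$path" ] || chmod g-w "$path"
    done < "$1"
}

# Before a reinstall or upgrade, flip the listed files back to the build user.
reclaim() {  # MANIFEST BUILD_USER
    while IFS= read -r path; do
        # Skip entries that were removed since the package was installed.
        [ -e "$path" ] || [ -L "$path" ] || continue
        chown -h "$2" "$path"
    done < "$1"
}

# Typical sequence (as root, after user-2 has run "make install"):
#   record_manifest /usr user-2 /var/lib/pkglists/foo.list
#   handoff /var/lib/pkglists/foo.list user-1
# and later, before upgrading foo:
#   reclaim /var/lib/pkglists/foo.list user-2
```

Keep the manifest directory writable only by root, since `handoff` and `reclaim` change ownership of whatever paths the list names.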