Onward branch

Robert Connolly robert at linuxfromscratch.org
Tue Sep 16 19:20:56 PDT 2008

On Monday September 15 2008 03:17:04 am Jan Dvorak wrote:
> > The more_control_and_pkg_man.txt hint system is tedious, but it
> > identifies every problem with filesystem permissions and packages, for
> > us. It's a big helper.
> Nope, it's totall overkill. You never ever run a program under a package
> user. The only reason for them is to install files safely, which can be
> done without polluting your passwd and group files and making all *nix
> people around scream with horror after looking at `ls -l` output.

An alternative would be two users, an owner (user-1) of most of the filesystem 
(/usr, /lib, /bin), and a build user (user-2). The two users are in the same 
group. user-2 has write permission on /usr, and can install there, but can't 
overwrite user-1's files. After an install, the new files have their 
ownership changed from user-2 to user-1, and group-write removed. This keeps 
packages from overwriting eachother, an installed-files list can be made for 
each package before (or during) ownership change, and it only involves two 

The installed-files list is usefull if you want to reinstall, or upgrade, a 
package, so the file ownships can be flipped back to user-2. Without this 
file list, it would be a nightmare to reinstall a package.

After the base system is installed, /lib, /bin, and /sbin, can have their 
group write removed, so user-2 can't install there anymore. This can be 
helpfull with packages that are not in the blfs book, and who install in 
strange places. /lib/modules could remain group writable.

Disk devices, in /dev/, might also benefit by being owned by non-root.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20080916/2c637805/attachment.sig>

More information about the hlfs-dev mailing list