On 3/1/07, Brian <[EMAIL PROTECTED]> wrote: > Please could someone spell out the reason for building software as an > unprivileged user? This is recommended in the BLFS book and elsewhere > (though not in LFS), but I can't find a full explanation. > > If running 'make' as root could (accidentally? maliciously?) trash my > system, doesn't the same apply when I have to run 'make install' as root? > Is there any qualitative difference in security risk? > > (The reason I'm asking, in case you're interested, is that I'm automating > the build using a simple bash script for each package, and it would be > simpler to run everything as root rather than having to add 'sudo' to my > system, which is the only other way I can see of doing it.)
You pretty much hit the nail on the head. In LFS, we don't have an unprivileged user in the chroot, so we do everything as root. In BLFS, though, the main idea is that you don't want to be root unless you absolutely have to be. I've heard of errors building as root such as with the kernel, but never seen it myself. I build everything as root for the same reason that to try to sanely drop and raise privileges from within a script is a big hassle. BLFS is also written with the intention that you're reading the page entering the commands in a shell. That gets really old after a couple days, though :) -- Dan -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
