On Mon, Jul 13, 2020 at 7:56 AM Bruce Dubbs via lfs-dev <lfs-dev@lists.linuxfromscratch.org> wrote:
> On 7/13/20 6:18 AM, Kevin Buckley via lfs-dev wrote:
> > the lfs user would create the minimal directory hierarchy.
> >
> > I suppose it's worth floating the idea that the lfs user could even
> > "download" the sources, although that would require the creation
> > of the lfs user a lot further "up" the Book.
>
> Sure, that could be done, but why? There are a lot of ways to
> accomplish the same task, but I don't see the advantage of one way over
> the other.

Well, it does demonstrate the principle of minimal privilege. (Though to be fair, it is perhaps questionable whether creating the base hierarchy and then doing a chown as root is a good use of this principle.)

Incidentally, along similar lines - the last time I did an LFS build, I experimented with creating minimal sulfs and sudolfs utilities as either the last step before entering the chroot or the first step after entering the chroot (forgot which). These were minimal hard-coded programs compiled from about 20 to 30 lines of C code, where sulfs simulated the effects of "su - lfs" and sudolfs simulated the effects of sudo configured to only allow user lfs to sudo. (Also, given that sudolfs needs to be setuid root, I added a check that a file /etc/sudolfs_permitted exists so that it would only work from within the chroot.)

So then, in all builds after that, I could unpack and build as the lfs user and do a "sudolfs make install" as the last step. (Actually, to be honest, I combined that with dpkg usage so what I actually did in sudolfs was a "sudolfs dpkg -i ../*.deb" and at one point maybe "sudolfs cp /tools/var/lib/dpkg/status /var/lib/dpkg/status" etc.)

That experiment seemed to work pretty well, though since then I've lost the small sulfs.c and sudolfs.c source files. I wouldn't expect them to be that hard to recreate, however.

--
Daniel Schepler
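
A sketch of a sudolfs-style helper as described in the message above, added here as an example; it is not Daniel Schepler's lost source. The function name caller_permitted, the fixed PATH/HOME values, the install mode, and the stricter "regular file, not a symlink" marker test are assumptions of this example.

```c
/* sudolfs.c - added illustration of the helper described in the message.
 * Assumed install: chown root:root sudolfs && chmod 4755 sudolfs */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define MARKER "/etc/sudolfs_permitted"   /* path named in the message */
#define ALLOWED_USER "lfs"
extern char **environ;
/* Return 1 only if the real uid is the allowed one and the marker is a
 * regular file; lstat() so a symlink planted at the path does not count. */
int caller_permitted(uid_t real_uid, uid_t allowed_uid, const char *marker)
{
    struct stat st;
    if (real_uid != allowed_uid)
        return 0;
    return lstat(marker, &st) == 0 && S_ISREG(st.st_mode);
}

int main(int argc, char **argv)
{
    static char *clean_env[] = {
        "PATH=/usr/sbin:/usr/bin:/sbin:/bin", "HOME=/root", NULL };
    struct passwd *pw = getpwnam(ALLOWED_USER);

    if (argc < 2) {
        fprintf(stderr, "usage: %s command [args...]\n", argv[0]);
        return 2;
    }
    if (pw == NULL || !caller_permitted(getuid(), pw->pw_uid, MARKER)) {
        fprintf(stderr, "sudolfs: not permitted\n");
        return 1;
    }
    /* Replace the caller's environment: once real uid == effective uid,
     * the child would otherwise honour the caller's LD_PRELOAD, PATH... */
    environ = clean_env;
    /* Drop lfs's supplementary groups, then set gid and all three uids. */
    if (setgroups(0, NULL) != 0 || setgid(0) != 0 || setuid(0) != 0) {
        perror("sudolfs: setgroups/setgid/setuid");
        return 1;
    }
    execvp(argv[1], &argv[1]);
    perror("sudolfs: exec");
    return 127;
}
```

The authorization decision keys on getuid() (the real uid of the invoking user), since the effective uid of a setuid-root binary is always 0.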