Re: [lfs-dev] Chapter 4: Could the lfs user perform the minimal directory hierarchy creation?
On 2020-07-14 22:05, Kevin Buckley via lfs-dev wrote:
> On Tue, 14 Jul 2020 at 00:57, Daniel Schepler via lfs-dev wrote:
> > On Mon, Jul 13, 2020 at 7:56 AM Bruce Dubbs via lfs-dev
> > > Sure, that could be done, but why? There are a lot of ways to
> > > accomplish the same task, but I don't see the advantage of one way over
> > > the other.
> >
> > Well, it does demonstrate the principle of minimal privilege. (Though
> > to be fair, it is perhaps questionable whether creating the base
> > hierarchy and then doing a chown as root is a good use of this
> > principle.)
>
> That, doing less as root on the host, was kind of where I had been going.
>
> Implant, in the mind of the new user, just how little actually needs to
> be done as root on a GNU/Linux system.
>
> > Incidentally, along similar lines - the last time I did an LFS build,
> > I experimented with creating minimal sulfs and sudolfs utilities as
> > either the last step before entering the chroot or the first step
> > after entering the chroot (forgot which). These were minimal
> > hard-coded programs compiled from about 20 to 30 lines of C code,
> > where sulfs simulated the effects of "su - lfs" and sudolfs simulated
> > the effects of sudo configured to only allow user lfs to sudo.
>
> Hmm, that might be an interesting approach to take for a "PkgUser" build,
> now that some packages deployed within the early chapters are installed
> into their final locations, as opposed to /tools, and so would be owned
> by the lfs user.

Greetings,

It’s always been known that not using sudo or being as root to perform specific jobs is preferred. It’s been up to the sysadmin who has that power. The more we remove the need for root from an LFS build, the better. With the next LFS release and the restructure of the book, it may become a reality. LFS 6 was the breakthrough for our current way of building. The next breakthrough is using a normal user and sysroot.

We had one knowledgeable person working on this years ago, ChrisS67. We didn’t have the time or people to get there for CLFS, but looks like LFS is going the right step there. He had a branch he was working on. But the whole point was to build tools with a normal user. We got hung up on ncurses.

Sincerely,
William Harrington

--
You feel a whole lot more like you do now than you did when you used to.

--
http://lists.linuxfromscratch.org/listinfo/lfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
Re: [lfs-dev] Chapter 4: Could the lfs user perform the minimal directory hierarchy creation?
On Tue, 14 Jul 2020 at 00:57, Daniel Schepler via lfs-dev wrote:
>
> On Mon, Jul 13, 2020 at 7:56 AM Bruce Dubbs via lfs-dev
> > Sure, that could be done, but why? There are a lot of ways to
> > accomplish the same task, but I don't see the advantage of one way over
> > the other.
>
> Well, it does demonstrate the principle of minimal privilege. (Though
> to be fair, it is perhaps questionable whether creating the base
> hierarchy and then doing a chown as root is a good use of this
> principle.)

That, doing less as root on the host, was kind of where I had been going.

Implant, in the mind of the new user, just how little actually needs to be done as root on a GNU/Linux system.

> Incidentally, along similar lines - the last time I did an LFS build,
> I experimented with creating minimal sulfs and sudolfs utilities as
> either the last step before entering the chroot or the first step
> after entering the chroot (forgot which). These were minimal
> hard-coded programs compiled from about 20 to 30 lines of C code,
> where sulfs simulated the effects of "su - lfs" and sudolfs simulated
> the effects of sudo configured to only allow user lfs to sudo.

Hmm, that might be an interesting approach to take for a "PkgUser" build, now that some packages deployed within the early chapters are installed into their final locations, as opposed to /tools, and so would be owned by the lfs user.
Re: [lfs-dev] Chapter 4: Could the lfs user perform the minimal directory hierarchy creation?
On Mon, Jul 13, 2020 at 7:56 AM Bruce Dubbs via lfs-dev wrote:
> On 7/13/20 6:18 AM, Kevin Buckley via lfs-dev wrote:
> > the lfs user would create the minimal directory hierarchy.
> >
> > I suppose it's worth floating the idea that the lfs user could even
> > "download" the sources, although that would require the creation
> > of the lfs user a lot further "up" the Book.
>
> Sure, that could be done, but why? There are a lot of ways to
> accomplish the same task, but I don't see the advantage of one way over
> the other.

Well, it does demonstrate the principle of minimal privilege. (Though to be fair, it is perhaps questionable whether creating the base hierarchy and then doing a chown as root is a good use of this principle.)

Incidentally, along similar lines - the last time I did an LFS build, I experimented with creating minimal sulfs and sudolfs utilities as either the last step before entering the chroot or the first step after entering the chroot (forgot which). These were minimal hard-coded programs compiled from about 20 to 30 lines of C code, where sulfs simulated the effects of "su - lfs" and sudolfs simulated the effects of sudo configured to only allow user lfs to sudo. (Also, given that sudolfs needs to be setuid root, I added a check that a file /etc/sudolfs_permitted exists so that it would only work from within the chroot.)

So then, in all builds after that, I could unpack and build as the lfs user and do a "sudolfs make install" as the last step. (Actually, to be honest, I combined that with dpkg usage so what I actually did in sudolfs was a "sudolfs dpkg -i ../*.deb" and at one point maybe "sudolfs cp /tools/var/lib/dpkg/status /var/lib/dpkg/status" etc.)

That experiment seemed to work pretty well, though since then I've lost the small sulfs.c and sudolfs.c source files. I wouldn't expect them to be that hard to recreate, however.

--
Daniel Schepler
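As an added example (not Daniel Schepler's lost sudolfs.c and not LFS project code), one way to write the sudolfs wrapper described in the message above in C. Assumptions: the account is named lfs, the binary is installed root-owned with the setuid bit inside the chroot, and the group handling, SAFE_PATH and environment scrubbing are additions the message does not mention.

```c
/* sudolfs.c: added illustration, not the lost sudolfs.c from the thread.
 * Meant to be installed root-owned, mode 4755, inside the chroot only. */
#define _GNU_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define MARKER    "/etc/sudolfs_permitted"  /* path named in the message */
#define LFS_USER  "lfs"
#define SAFE_PATH "/usr/sbin:/usr/bin:/sbin:/bin:/tools/bin"  /* assumption */
/* The marker counts only if it is a regular file (or a link to one). */
int marker_present(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 && S_ISREG(st.st_mode);
}

/* Escalate only for the lfs account, and only where the marker exists. */
int permit(uid_t real_uid, uid_t lfs_uid, int have_marker)
{
    return have_marker && real_uid == lfs_uid;
}

int main(int argc, char **argv)
{
    struct passwd *pw = getpwnam(LFS_USER);
    if (argc < 2 || pw == NULL) {
        fprintf(stderr, "usage: sudolfs command [args...]\n");
        return 2;
    }
    if (!permit(getuid(), pw->pw_uid, marker_present(MARKER))) {
        fprintf(stderr, "sudolfs: not permitted\n");
        return 1;
    }
    /* Drop lfs's groups, then set real, effective and saved ids to root. */
    if (setgroups(0, NULL) != 0 || setgid(0) != 0 || setuid(0) != 0) {
        perror("sudolfs: cannot become root");
        return 1;
    }
    /* Discard the caller's environment so PATH, LD_* etc. are not inherited. */
    if (clearenv() != 0 || setenv("PATH", SAFE_PATH, 1) != 0)
        return 1;
    execvp(argv[1], &argv[1]);
    perror("sudolfs: exec");
    return 127;
}
```

Because the marker lives in /etc, only root can create it, so leaving it out of the host's /etc keeps a stray copy of the binary inert there.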
Re: [lfs-dev] Chapter 4: Could the lfs user perform the minimal directory hierarchy creation?
On 7/13/20 6:18 AM, Kevin Buckley via lfs-dev wrote:
> At present, in Chapter 4, the host system's root user creates
> a minimal directory hierarchy, then creates the lfs user and then
> chown's the minimal directory hierarchy so as to be owned by
> the lfs user, and finally does an su to the lfs user.
>
> I was thinking that the order could be altered so that, the host
> system's root user first creates the lfs user, then merely changes
> the ownership of the top of the $LFS partition, and then, after the
>
> su - lfs
>
> the lfs user would create the minimal directory hierarchy.
>
> I suppose it's worth floating the idea that the lfs user could even
> "download" the sources, although that would require the creation
> of the lfs user a lot further "up" the Book.

Sure, that could be done, but why? There are a lot of ways to accomplish the same task, but I don't see the advantage of one way over the other.

-- Bruce
[lfs-dev] Chapter 4: Could the lfs user perform the minimal directory hierarchy creation?
At present, in Chapter 4, the host system's root user creates a minimal directory hierarchy, then creates the lfs user and then chown's the minimal directory hierarchy so as to be owned by the lfs user, and finally does an su to the lfs user.

I was thinking that the order could be altered so that, the host system's root user first creates the lfs user, then merely changes the ownership of the top of the $LFS partition, and then, after the

su - lfs

the lfs user would create the minimal directory hierarchy.

I suppose it's worth floating the idea that the lfs user could even "download" the sources, although that would require the creation of the lfs user a lot further "up" the Book.