[lfs-dev] Chapter 4: Could the lfs user perfrom the minimal directory hierachy creation?

William Harrington kb0iic at berzerkula.org
Tue Jul 14 22:29:49 PDT 2020


On 2020-07-14 22:05, Kevin Buckley via lfs-dev wrote:
> On Tue, 14 Jul 2020 at 00:57, Daniel Schepler via lfs-dev
> <lfs-dev at lists.linuxfromscratch.org> wrote:
>> 
>> On Mon, Jul 13, 2020 at 7:56 AM Bruce Dubbs via lfs-dev
>> 
>> > Sure, that could be done, but why?  There are a lot of ways to
>> > accomplish the same task, but I don't see the advantage of one way over
>> > the other.
>> 
>> Well, it does demonstrate the principle of minimal privilege.  (Though
>> to be fair, it is perhaps questionable whether creating the base
>> hierarchy and then doing a chown as root is a good use of this
>> principle.)
> 
> That, doing less as root on the host, was kind of where I had
> been going.
> 
> Implant, in the mind of the new user, just how little actually needs
> to be done as root on a GNU/Linux system.
> 
>> Incidentally, along similar lines - the last time I did an LFS build,
>> I experimented with creating minimal sulfs and sudolfs utilities as
>> either the last step before entering the chroot or the first step
>> after entering the chroot (forgot which).  These were minimal
>> hard-coded programs compiled from about 20 to 30 lines of C code,
>> where sulfs simulated the effects of "su - lfs" and sudolfs simulated
>> the effects of sudo configured to only allow user lfs to sudo.
> 
> Hmm, that might be an interesting approach to take for a "PkgUser"
> build, now that some packages deployed within the early chapters
> are installed into their final locations, as oppsoed to /tools, and so
> would be owned by the lfs user.

Greetings,

It’s always been known that not using sudo or being as root to perform 
specific jobs is preferred. It’s been up to the sysadmin who has that 
power. The  ore we remove the need for root from an LFS build, the 
better. With the next LFS release and the restructure of the book, it 
may. Eco e a reality. LFS 6 was the breakthrough for our current way of 
building. The next breakthrough is using a normal user and sysroot.  We 
had one knowledgeable person working on this years ago, ChrisS67.  We 
didn’t have the time or people to get there for CLFS, but looks like LFS 
is going the right step there. He had a branch was working on. But the 
whole point was build tools with a normal user.  We got hung up on 
ncurses.

Sincerely,

William Harrington
-- 
You feel a whole lot more like you do now than you did when  you used 
to.


More information about the lfs-dev mailing list