DJ Lucas wrote:
> Guys, after rewriting most of my build scripts to use an unprivileged user
> over the past few weeks, I noticed something that I think would benefit
> users of the book. Most commands that are not in a typical user's path do
> not explicitly say so.
I don't think so. I omitted it from mysql because I just didn't think
about it, but for instance apache has:
"For security reasons, running the server as an unprivileged user and
group is strongly encouraged. Create the following group and user using
the following commands (as root):
groupadd
...
I'll try to fix mysql tomorrow.
> This creates a problem for users who actually take
> the advice to build as an unprivileged user by employing sudo. Some are
> obvious, like useradd and groupadd, while others from less familiar
> packages are not. I say this as I'm using the SWAG method about
> mysql_install_db right now, I'm kinda guessing that it'll be in /usr/sbin,
> but I'm not sure.
/usr/bin/mysql_install_db
/usr/bin/mysqld_safe
/usr/bin/mysqladmin
but you can use locate to find them.
> Anyway, I'm not exactly proposing this for BLFS-6.6,
> however, it would be good in the future to provide the full path for items
> in {,/usr}/sbin as these are likely not in the build user's path.
Or just say "as the root user". That implies root's PATH. sudo doesn't
really do the job because it doesn't use root's PATH by default.
The only thing I've been able to come up with is:
sudo su - -c <command>
There are other approaches. Probably the easiest is just
export PATH=$PATH:/sbin:/usr/sbin
when building. Then sudo works fine. The permissions still should
protect when not using sudo.
-- Bruce
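
Added example, not part of the original message: a small shell check of the PATH approach above, listing which commands a build user can only reach once the sbin directories are appended. The sandbox tree and the helper names (append_dirs, resolve_in, sbin_only, make_sandbox) are constructed for illustration.

```shell
# Added illustration; every path lives in a constructed temporary sandbox.
# append_dirs PATHVALUE DIR...: print PATHVALUE with each DIR appended once.
append_dirs() {
    result=$1; shift
    for d in "$@"; do
        case ":$result:" in
            *":$d:"*) ;;                           # already listed
            *) result="${result:+$result:}$d" ;;
        esac
    done
    printf '%s\n' "$result"
}

# resolve_in PATHVALUE CMD: print the first executable match, or return 1.
resolve_in() {
    rest="$1:"
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}
        [ -n "$dir" ] || continue                  # skip empty entries
        if [ -f "$dir/$2" ] && [ -x "$dir/$2" ]; then
            printf '%s\n' "$dir/$2"; return 0
        fi
    done
    return 1
}

# sbin_only USERPATH BUILDPATH CMD...: print commands found only via BUILDPATH.
sbin_only() {
    upath=$1; bpath=$2; shift 2
    for c in "$@"; do
        if ! resolve_in "$upath" "$c" >/dev/null &&
           resolve_in "$bpath" "$c" >/dev/null; then
            printf '%s\n' "$c"
        fi
    done
}

# Constructed layout: one command in usr/bin, two in usr/sbin.
make_sandbox() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/bin" "$root/usr/sbin" "$root/sbin"
    for f in usr/bin/mysqladmin usr/sbin/groupadd usr/sbin/useradd; do
        : > "$root/$f"; chmod +x "$root/$f"
    done
    printf '%s\n' "$root"
}

root=$(make_sandbox)
sbin_only "$root/usr/bin" \
    "$(append_dirs "$root/usr/bin" "$root/sbin" "$root/usr/sbin")" \
    mysqladmin groupadd useradd
rm -rf "$root"
```

Whether sudo passes the caller's PATH through depends on the local sudoers settings (env_reset, secure_path), so check those if a command still fails to resolve under sudo.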