> DJ Lucas wrote: >> Guys, after rewriting most of my build scripts to use an unprivileged >> user >> over the past few weeks, I noticed something that I think would benefit >> users of the book. Most commands that are not in a typical user's path >> do >> not explicitly say so. > > I don't think so. I omitted it from mysql because I just didn't think > about it, but for instance apache has: > > "For security reasons, running the server as an unprivileged user and > group is strongly encouraged. Create the following group and user using > the following commands (as root): > groupadd > ... > > I'll try to fix mysql tomorrow. >
Actually (as you noted later), MySQL doesn't need to be fixed. It's fine, I just made a bad guess. Well actually, I disagree with the developers on its install location, but I was still incorrect. :-) > There are other approaches. Probably the easiest is just > > export PATH=$PATH:/sbin:/usr/sbin > > when building. Then sudo works fine. The permissions still should > protect when not using sudo. > Yes, I had considered this and sudo -i as well, however, it shouldn't be necessary IMO. I wonder if I shouldn't look into modifying sudo...add another configuration entry. append_path as opposed to secure_path? -- DJ Lucas -- This message has been scanned for viruses and dangerous content, and is believed to be clean. -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
