LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Blogs > The Slacker's Blog
User Name
Password

Notices

This is a semi-random collection of posts on nearly all things Slackware and Linux-related -- at least as I see it.
Rate this Entry

Build Notes for LFS 6.6 with Package Users -- Part 3

Posted 10-20-2010 at 03:01 PM by Lufbery
Updated 11-07-2010 at 08:30 PM by Lufbery

Continued from part 2.

Shadow-4.1.4.2
Installation fails as indicated in the hint because of the international man pages. I decided to install them. After the installation failure: Change the foreign language man page directories to install groups as the root user, from /usr/share/man:

Code:
find /usr/share/man -type d -exec chgrp install '{}' \;
and

Code:
find /usr/share/man -type d -exec chmod g+w,o+t '{}' \;
Finally, I chose to set su, chage, chfn, chsh, expiry, gpasswd, newgrp and passwd as setuid root.

Additional notes from crts:
After finishing the installation logout and configure shadow as root.

Fix the permissions for passwd:

Code:
chown 0 /bin/passwd
chmod 4765 /bin/passwd
By default /bin/su got permission 4755 but with user:group set to shadow:shadow. This prohibits roots from using su. Fix permission for su with

Code:
chmod 0755 /bin/su
If you want normal users to be able to use su then apply following changes

Code:
chown 0 /bin/su
chmod 4755 /bin/su
Keep in mind that other binaries of this package might need permission adjustment, too, e. g. useradd, groupadd, etc.

Apply additional 'sed' to avoid future complains about non-existent default group:

Code:
sed -i '/GROUP/d' /etc/default/useradd
Sysklogd-1.5
From the hint: "sysklogd's Makefile has /usr/bin/install hardwired as the install program, which circumvents the install wrapper. The wrapper is needed for sysklogd because it tries to make its manpages owned by root (which obviously a package user is not allowed to do). Therefore, install with 'make INSTALL=install install'."

Sysvinit-2.86
Do not follow the instructions in the package user hint. They are no longer applicable, probably because the items in /dev are bind mounted to the host. Nothing special was needed for a package user.

Tar-1.22
Nothing special as a package user.

Texinfo-4.13a
Nothing special for a package user to install the package.

crts recommends:
After installation recreate the file /usr/share/info/dir as user root. The best option here is to store the following commands in a script since recreation of /usr/share/info/dir might be necessary in the future. Choose an appropriate place and name for the script.

Code:
#!/bin/bash
# /usr/sbin/recreate-info-dir
rm -vf /usr/share/info/dir
for file in /usr/share/info/*; do
	install-info "$file" /usr/share/info/dir 2>/dev/null
done
chown 0:install /usr/info/dir
chmod 664 /usr/info/dir
Udev-151
Nothing special for a package user. The hint seems to be out of date.

crts recommends executing the following command as root:

Code:
mknod -m0666 /lib/udev/devices/null c 1 3
Vim-7.2
I did not build Vim, but nobody has reported any special steps necessary to build it as a package user.

Nano-2.2.5
Emacs-23.2

I installed two extra packages, Nano-2.2.5 and Emacs 23.2. Nothing special was needed for Nano.

The old canard about Emacs being a wonderful operating system with a mediocre text editor is (sadly) somewhat true. LFS with just Emacs installed from BLFS is a surprisingly capable system with a built-in file manager, a good development environment, and even some games.

Anyway, the Emacs-23.2 installation initially fails because /var/games needs to be created and made into an install group.

Chapter 7.2 LFS-boot scripts
No problems when built as a package user.

Chapter 8.3 the Linux kernel
There are no problems configuring and building the Linux kernel as a package user. When trying to copy the compiled kernel image to /boot a permission denied error will occur because /boot is not an install directory.

I copied the files manually to /boot as the root user. crts made /boot an install directory.

Chapter 8.4: GRUB
I use my host’s installation of LILO to boot LFS. If using Grub, crts recommends that all the steps in this chapter should be performed as root. Creating a rescue floppy is optional. Manually edit /boot/grub/grub.cfg. You will most probably have to change entries like /dev/hda1 to /dev/sda1. Also edit the /etc/fstab accordingly.

V. Conclusion
At first blush, the above notes seem complicated. Building a system with package management is more complicated than building it without. But maintaining the system is a lot easier with package management, so I feel the trade-off is worth it.

More to the point, using package users gets easier after the first couple of builds. The first couple of builds are also some of the trickiest, so the above notes should help get new package user users over the hump.

What remains to be seen is how well the package user scheme works for building X and the various applications from Beyond Linux from Scratch.
--------------------------------------------------------
Explanation of devpts Mounting

The full message is available on the lfs-dev mailing list:
Bryan Kadzban bryan at kadzban.is-a-geek.net Sat Oct 9 20:50:46 MDT 2010

Look in the kernel sources. See fs/devpts/inode.c, around line 494 (in 2.6.35.5), function devpts_pty_new. After creating an inode struct for the slave device, and setting its inode index to the slave device's number, the code does this:

inode->i_uid = opts->setuid ? opts->uid : current_fsuid();
inode->i_gid = opts->setgid ? opts->gid : current_fsgid();
/* <set {i,a,m}time to right now> */
init_special_inode(inode, S_IFCHR|opts->mode, device);

The opts->* fields are set by mount options; if you pass uid=x when mounting devpts, then opts->setuid will be 1, and opts->uid will be x. Same with gid=x and the *gid fields, and same with ->mode (which defaults to 0600 if not provided in the mount options).

And of course, current_fsuid() and current_fsgid() are accessors for the filesystem UID and GID of the current process (i.e. the one that called open() on /dev/ptmx, since that handler calls into here).

So, first: When you mount devpts inside the chroot, are you giving it a uid=xxxx parameter? If so, don't.

The kernel does all the work for you. As long as a user exists, and the fsuid/fsgid are set properly, you have permission, and grantpt() should be doing exactly nothing.

I suspect that if there's a problem [with the ‘expect -c "spawn ls"’ test run as a non-root user] it's with glibc. I'm pulling down 2.12.1 now, to see what I can find out about the implementation of grantpt()...

OK, I've looked at grantpt (sysdeps/unix/grantpt.c FWIW). It appears to be trying to verify several things on the pty slave:

- Is its UID the same as the current user?
- Is its GID that of the "tty" group (if that exists) or the current user (otherwise)?
- Is its mode 0620?

If any of those fail, it will attempt to fix the problem (which will only work as root), and fork out to pt_chown if it can't. So, second, you *have* to be sure the GID of slaves is tty, and the mode is 0620.

And, remember the mount options above? This is where they come in. :-) You'll need to ensure you use gid=4,mode=0620 (assuming you set up /etc/group the way the book does). But I'm seeing that section 6.2 is wrong; it isn't specifying either a mode or a gid for the devpts mount. That should probably change to:

Code:
mount -vt devpts -o gid=4,mode=0620 devpts $LFS/dev/pts
to make this work properly.
Posted in Uncategorized
Views 1527 Comments 0
« Prev     Main     Next »
Total Comments 0

Comments

 

  



All times are GMT -5. The time now is 11:51 PM.

Main Menu
Advertisement

My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration