contains commands that may be used by both the system administrator and by users". From that statement we
can infer that /bin should have read and execute permission for everyone. On the other hand, the /boot
directory contains files for the boot loader. Chances are good that regular users will not need to access
anything in the /boot directory. So the minimum level of access would be read permission for the root user
and other administrators who are members of the root group. Normal users would have no permissions
assigned on the /boot directory.
Most of the time we can assign similar permissions to all the commands in a directory, but there are some
programs that prove to be exceptions to the rule. The su command is a good example. Other commands in the
/bin directory have a minimum requirement of read and execute, but the su command needs to be setuid root
in order to run correctly. Since it is a setuid binary, it might not be a good idea to allow just anyone to run it.
Ownership of 0:0 (root user, root group) and permissions of rwsr-x--- (octal 4750) would be a good fit for su.
The same logic can be applied to other directories and files in the root filesystem using the following steps:
1. Assign ownership to the root user and root group.
2. Set the most restrictive permissions possible.
3. Adjust ownership and permissions on an "as needed" basis.
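
An added example, not part of the original guide: a shell audit of a staging tree against the three steps above. The ~/staging layout and the 4750 mode for su come from the guide; the function names are hypothetical.

```shell
#!/bin/sh
# Audit a staging tree against the ownership/permission steps above.
# Function names are hypothetical; bin/su under the staging root is
# assumed from the guide's ~/staging layout.

# Step 1: list anything not owned by uid 0 and gid 0.
not_root_owned() {
    find "$1" \( ! -user 0 -o ! -group 0 \) -print
}

# Step 2: list setuid files that still grant any access to "other".
loose_setuid() {
    find "$1" -type f -perm -4000 \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Step 3: check that one path has exactly the expected octal mode,
# for example 4750 for su. Prints a line and returns 1 on mismatch.
check_mode() {
    [ -n "$(find "$1" -prune -perm "$2" -print)" ] && return 0
    echo "$1: mode is not $2"
    return 1
}

# Run all three checks; returns non-zero if any of them reports a finding.
audit_staging() {
    rc=0
    out=$(not_root_owned "$1")
    [ -z "$out" ] || { echo "not owned by 0:0:"; echo "$out"; rc=1; }
    out=$(loose_setuid "$1")
    [ -z "$out" ] || { echo "setuid and accessible to other:"; echo "$out"; rc=1; }
    [ ! -e "$1/bin/su" ] || check_mode "$1/bin/su" 4750 || rc=1
    return $rc
}

# Usage: audit_staging ~/staging
```
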
7.3. Construction
7.3.1. Verify presence of getty and login
bash# ls ~/staging/sbin/getty
bash# ls ~/staging/bin/login
7.3.2. Modify inittab for multi-user mode
Modify ~/staging/etc/inittab by changing the default runlevel and adding getty entries as shown below.
# /etc/inittab - init daemon configuration file
#
# Default runlevel
id:2:initdefault:
#
# System initialization
si:S:sysinit:/etc/init.d/rc S
#
# Runlevel scripts
r0:0:wait:/etc/init.d/rc 0
r1:1:respawn:/bin/sh
r2:2:wait:/etc/init.d/rc 2
r3:3:wait:/etc/init.d/rc 3
r4:4:wait:/etc/init.d/rc 4
r5:5:wait:/etc/init.d/rc 5
r6:6:wait:/etc/init.d/rc 6
#
# Spawn virtual terminals
1:235:respawn:/sbin/getty 38400 tty1 linux
2:235:respawn:/sbin/getty 38400 tty2 linux
3:235:respawn:/sbin/getty 38400 tty3 linux
Pocket Linux Guide
Chapter 7. Enabling Multiple Users