SetUID/SetGID Kernel Option

2009-06-04 Thread Martin McCormick
I have been asked to enable the following kernel option:

   SetUID/SetGID - Allow directories to inherit their owner from the
   parent directory.

The generic kernel under FreeBSD 6.3 is what we presently use on
the system in question, and I see no commented-out option for
compilation.

We see in the fstab the following:

# Device        Mountpoint  FStype  Options     Dump  Pass#
#Default is for no SUIDDIR.
#/dev/mfid0s1a  /           ufs     rw          1     1
#Living a bit more dangerously, we turned it back on.
/dev/mfid0s1a   /           ufs     rw,SUIDDIR  1     1

This looks like it may address the issue, but a test shows that
it does not appear to happen.

Where do I use this option?

This seems to be my day for asking strange questions but
I have run up against a couple of things that are not in my
usual sphere of knowledge and nothing jumped out at me from
documentation.

Martin McCormick WB5AGZ  Stillwater, OK 
Systems Engineer
OSU Information Technology Department Telecommunications Services Group
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: SetUID/SetGID Kernel Option

2009-06-04 Thread Jonathan McKeown
Hi Martin

On Thursday 04 June 2009 16:23:29 Martin McCormick wrote:

> I have been asked to enable the following kernel option:
>
>    SetUID/SetGID - Allow directories to inherit their owner from the
>    parent directory.
>
> The generic kernel under FreeBSD 6.3 is what we presently use on
> the system in question and I see no commented-out option for
> compilation.

You need to add

options SUIDDIR

to the kernel config. You can find a sample line in /sys/conf/NOTES.

> We see in the fstab the following:
>
> # Device        Mountpoint  FStype  Options     Dump  Pass#
> #Default is for no SUIDDIR.
> #/dev/mfid0s1a  /           ufs     rw          1     1
> #Living a bit more dangerously, we turned it back on.
> /dev/mfid0s1a   /           ufs     rw,SUIDDIR  1     1
>
> This looks like it may address the issue, but a test shows that
> it does not appear to happen.

Once you've recompiled the kernel you also need to use suiddir in the mount 
options for any filesystem where you want file ownership to be inherited from 
the directory.

It's described in the kernel notes and in the mount manpage as a dangerous 
option which opens security holes.

I notice that you mention setGID as well, which under SysV-derived systems 
allows files to inherit group ownership from the directory. If that's what's 
wanted, you don't need to do anything, as the behaviour that's optional on 
SysV systems like Linux is the default behaviour on FreeBSD.

Jonathan
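The procedure in Jonathan's reply has three parts that can each silently fail (kernel option, mount option, directory setup), and the original poster's fstab shows why a check matters: the option spelled "SUIDDIR" is not the lowercase "suiddir" that mount(8) documents. The following script is an added example, not code from the thread or from FreeBSD; it checks each part in turn. The fstab and option-list parsers are plain POSIX sh and awk and run anywhere; kernel_has_suiddir assumes the kernel was built with INCLUDE_CONFIG_FILE (otherwise kern.conftxt is absent), and suiddir_probe assumes FreeBSD's stat(1) and su(1) and must run as root. The probe file name is an arbitrary choice.

```shell
#!/bin/sh
# Added example (not part of the mailing-list thread): verify that suiddir
# ownership inheritance is wired up end to end on a FreeBSD host.

# has_opt OPTLIST OPT
# True if the comma-separated OPTLIST contains exactly OPT.
# Case-sensitive on purpose: mount(8) spells the option "suiddir", so a
# list written as "rw,SUIDDIR" is reported as NOT containing it.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# fstab_has_opt FSTAB MOUNTPOINT OPT
# Prints "yes" if the active (uncommented) fstab entry for MOUNTPOINT lists
# OPT in its options field, "no" otherwise.
fstab_has_opt() {
    awk -v mp="$2" -v opt="$3" '
        /^[ \t]*#/ || NF < 4 { next }          # skip comments and junk
        $2 == mp {
            n = split($4, a, ",")
            for (i = 1; i <= n; i++) if (a[i] == opt) found = 1
        }
        END { print (found ? "yes" : "no") }
    ' "$1"
}

# kernel_has_suiddir
# True if the running kernel was configured with "options SUIDDIR".
# kern.conftxt only exists when the kernel config included INCLUDE_CONFIG_FILE.
kernel_has_suiddir() {
    sysctl -n kern.conftxt 2>/dev/null | grep -q '^options[[:space:]]*SUIDDIR'
}

# mounted_with_suiddir MOUNTPOINT
# True if MOUNTPOINT is currently mounted with suiddir. "mount -p" prints
# the mounted filesystems in fstab format, options in the fourth field.
mounted_with_suiddir() {
    mount -p | awk -v mp="$1" '$2 == mp { print $4 }' | {
        read -r opts && has_opt "$opts" suiddir
    }
}

# suiddir_probe DIR USER   (run as root)
# USER creates a file in DIR; the file's uid is compared with DIR's uid.
# Inheritance only happens when DIR has the setuid bit, DIR is not owned
# by root, the filesystem is mounted with suiddir, and the kernel has
# SUIDDIR. Returns 0 on inheritance, 1 if not, 2 if the file was not created.
suiddir_probe() {
    dir=$1
    user=$2
    probe="$dir/.suiddir-probe.$$"       # arbitrary probe file name
    su -m "$user" -c "touch '$probe'" || return 2
    dir_uid=$(stat -f %u "$dir")
    file_uid=$(stat -f %u "$probe")
    rm -f "$probe"
    if [ "$dir_uid" = "$file_uid" ]; then
        echo "inherited: file uid $file_uid == directory uid $dir_uid"
        return 0
    fi
    echo "NOT inherited: file uid $file_uid, directory uid $dir_uid"
    return 1
}
```

Typical use on the host, as root: `. ./suiddir-check.sh; fstab_has_opt /etc/fstab / suiddir; kernel_has_suiddir && echo kernel ok; mounted_with_suiddir / && echo mount ok; chmod u+s /export/share; suiddir_probe /export/share someuser`. Remounting (`mount -u -o suiddir /`) is needed after editing fstab, and rebuilding the kernel is needed for the kernel option; nothing in this script does either.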


Re: SetUID/SetGID Kernel Option

2009-06-04 Thread Martin McCormick
Jonathan McKeown writes:
> You need to add
>
> options SUIDDIR
>
> to the kernel config. You can find a sample line in /sys/conf/NOTES.
>
> > We see in the fstab the following:
>
> Once you've recompiled the kernel you also need to use suiddir in the
> mount options for any filesystem where you want file ownership to be
> inherited from the directory.
>
> It's described in the kernel notes and in the mount manpage as a dangerous
> option which opens security holes.

Ah, just what we need. :-)

> I notice that you mention setGID as well, which under SysV-derived systems
> allows files to inherit group ownership from the directory. If that's
> what's wanted, you don't need to do anything, as the behaviour that's
> optional on SysV systems like Linux is the default behaviour on FreeBSD.

Thank you very much. I've been using Unix for almost 20
years and have the syndrome that we get comfortable doing what
we do and sometimes need to stretch a bit as there is more than
enough in Unix to keep anybody busy for a lifetime.

Also, thanks for helping the poster get pointed in the
right direction on the serial console install. That has turned
out to be extremely useful.

The latest Debian Linux disk is also easy to install
serially if you can type on the local keyboard long enough to
type h for help, Enter, and then either 
rescue or install console=ttySx for 9600 or add ,38400,n81 or
whatever serial parameters you need.

Martin McCormick WB5AGZ  Stillwater, OK 
Systems Engineer
OSU Information Technology Department Telecommunications Services Group