On 25/03/13 14:16, Marcel Telka wrote:
> On Mon, Mar 25, 2013 at 02:06:31PM +0100, Richard PALO wrote:
>> On 25/03/13 13:51, Marcel Telka wrote:
>>> nosuid option in a share and in mount are not the same things. Please read
>>> share_nfs(1M) and mount(1M).
>>
>> Maybe I'm missing something... I thought nosuid == nosetuid + nodevices
>> From man mount_nfs (apparently also believes so)
>
> Yes. That's correct for mount_nfs. But nosuid for a share means something
> different:
>
>     nosuid
>         By default, clients are allowed to create files on
>         the shared file system with the setuid or setgid
>         mode enabled. Specifying nosuid causes the server
>         file system to silently ignore any attempt to enable
>         the setuid or setgid mode bits.
>
>> Are you saying the fact I specify nosuid on the server side in
>> the sharenfs options, that the client flagrantly ignores this? (in
>> the auto_home mount)
>
> See above. nosuid at the server side is not the same as nosuid at the client
> side.

So if I translate, you mean that when nosuid is on the server, any
setuid or device operation will 'silently' fail, and in any case, the
child doesn't know beforehand.

Sounds convoluted, but okay (feeling uncomfortably numb here).

From share_nfs:

    nosuid
        By default, clients are allowed to create files on
        the shared file system with the setuid or setgid
        mode enabled. Specifying nosuid causes the server
        file system to silently ignore any attempt to enable
        the setuid or setgid mode bits.

What is best practice for auto mount home, then?
The default is okay? Or should /home also be -nosuid?

# Master map for automounter
#
+auto_master
/net -hosts -nosuid,nobrowse
/home auto_home -nobrowse
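
An added example, not part of the original message or of illumos: a POSIX shell function that lists the entries of an automounter master map whose option field does not include the client-side nosuid, run here on the map quoted above. The function name `audit_master_map` is hypothetical; the sketch assumes one entry per line (no backslash continuations) and does not follow `+auto_master` includes.

```shell
#!/bin/sh
# Added example: report master-map entries mounted without client-side nosuid.
# Entry layout, as in the map quoted above:
#   mount-point  map-name  [-option,option,...]

# audit_master_map FILE
# Prints "mount-point map-name" for every entry whose options lack nosuid.
audit_master_map() {
    awk '
        /^[ \t]*#/ { next }   # comment line
        /^[ \t]*$/ { next }   # blank line
        $1 ~ /^\+/ { next }   # +auto_master: name-service include, not followed
        {
            # The option field is the third field and starts with "-".
            # (A map name such as -hosts is the second field, so it is
            # never mistaken for options.)
            opts = ""
            if (NF >= 3 && $3 ~ /^-/) opts = substr($3, 2)
            n = split(opts, o, ",")
            found = 0
            for (i = 1; i <= n; i++)
                if (o[i] == "nosuid") found = 1
            if (!found) print $1, $2
        }
    ' "$1"
}

# Sample input: the master map from the message above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Master map for automounter
#
+auto_master
/net -hosts -nosuid,nobrowse
/home auto_home -nobrowse
EOF

audit_master_map "$sample"   # prints: /home auto_home
rm -f "$sample"
```

This inspects only the client-side mount options in the map; whether a share carries the server-side nosuid is a separate setting, as the thread explains.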