Re: nosuid option for '/'?
- And if nosuid is - a good thing for this system, can it be implemented for the - /home directories only, without doing it for the whole / directory? - - Being that nosuid is a mount option, this would be quite easy to do if - your /home was a separate partition, which I assume it is not. / should NOT be mounted nosuid. but you can mount filesystems as /tmp /home and /var as noexec (the only problem will be with /var/lib/dpkg where dpkg unpacks preinstall and postinstall scripts) -- Matus fantomas Uhlar, sysadmin at NEXTRA, Slovakia; IRC admin of *.sk [EMAIL PROTECTED]; http://www.fantomas.sk/; http://www.nextra.sk/ LSD will make your ECS screen display 16.7 million colors
Re: nosuid option for '/'?
And if nosuid is a good thing for this system, can it be implemented for the /home directories only, without doing it for the whole / directory? Being that nosuid is a mount option, this would be quite easy to do if your /home was a separate partition, which I assume it is not. Somewhere in your startup files, there will be a line that remounts your root filesystem read-write, like: mount / -o remount,rw try changing it to: mount / -o remount,rw,nosuid -- I already have all the latest software. -- Laura Winslow, Family Matters Dwayne Litzenberger - [EMAIL PROTECTED] Advertising Policy: http://DLitzPower.tripod.com/spamoff.htm GnuPG Public Key: http://DLitzPower.tripod.com/gpgkey.asc Fingerprint: 0535 F7CF FF5F 8547 E5A5 695E 4456 FB6C BC39 A4B0 pgppcYOma5MLB.pgp Description: PGP signature
Re: nosuid option for '/'?
-BEGIN PGP SIGNED MESSAGE- On Tue, 12 Oct 1999, Art Lemasters wrote: Do any of you see any potential problem with putting the 'nosuid' option for the '/' directory in /etc/fstab? Yes. Various essential apps that should be in / (/bin actually, which should be on /) require suid. Unless you don't mind not being able to login as anyone besides root ;) And if nosuid is a good thing for this system, can it be implemented for the /home directories only, without doing it for the whole / directory? If /home is a separate partition, certainly. Just make the modification the the /home line of fstab. If not, then no. - -- finger for PGP public key. -BEGIN PGP SIGNATURE- Version: 2.6.3ia Charset: noconv iQCVAwUBOAPXXL7M/9WKZLW5AQE1QgP/T1AxfUtMXff3YvKSOFPyJ1F+q4cOU3gN OLmJE1q6GIV2NLiEKP3oMOVhMDJNJNvhdQFFsZckIm/rUYmeFF5J9ZV842JLPkvV iY/dsNF8La3CT5CyY6WnWNiMfiE7NLbmdqwkdqgM/W1lVR8RytgneAIyAap3ODsC U/8FeIAGcuQ= =Qq6S -END PGP SIGNATURE-