On 19Sep2006 16:53, Bill Tangren <bjt@xxxxxxxxxxxxxxxx> wrote:
| I am required to remove the suid bit on several mounted filesystems. I'd
| like to know what y'all think will happen if I do that.
|
| The file systems are:
|
| none on /sys type sysfs (rw)
| usbfs on /proc/bus/usb type usbfs (rw)
| /dev/sda1 on /boot type ext3 (rw)
| none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
| sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)

None of these would normally have setuid content, so this is fine.

|
| /sys and /dev/sda1 are found in /etc/fstab. I need to change
|
| LABEL=/boot /boot ext3 defaults 1 2
| none /sys sysfs defaults 0 0
|
| to
|
| LABEL=/boot /boot ext3 rw,nosuid,dev,exec,auto,nouser,async 1 2
| none /sys sysfs rw,nosuid,dev,exec,auto,nouser,async 0 0

You should just be able to say "nosuid". You don't need to list
everything else - they will have the default values. The word "defaults"
only exists to occupy the column when _everything_ is default.

This will also protect you from using options on some of these "special"
filesystems which don't apply.

| I haven't a clue as to how to modify these without breaking something.

You should only need to change /boot. I do not expect it is even possible
to try to create a setuid file on these other filesystems; they are
kernel generated views of stuff and as far as I know do not contain
"setuid" things.

Cheers,
--
Cameron Simpson <cs@xxxxxxxxxx> DoD#743
http://www.cskk.ezoshosting.com/cs/

Sam Jones <samjones@xxxxxxxxxxx> on the Nine Types of User:

Taskmaster - "Well, this is a file in MacWrite. Do you know how I can
    upload it to MUSIC, transfer it over to UNIX from there, download it
    onto an IBM, convert it to WordPerfect, and put it in three-column
    format?"
Advantages: Bold new challenges.
Disadvantages: Makes one wish to be a garbage collector.
Symptoms: An inability to keep quiet. Strong tendencies to make machines
    do things they don't want to do.
Real Case: One user tried to get a scon to find out what another person's
    E-mail address was even though the user didn't know his target's home
    system, account name, or real name.
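The fstab change discussed in the message above, as an added example that is not part of the original post: a POSIX shell filter that puts "nosuid" in the options column of chosen mount points, plus a check for mounts that still lack it. The helper names add_nosuid and missing_nosuid are hypothetical, and the sample input is constructed from the two fstab lines quoted in the post.

```shell
#!/bin/sh
# Added example, not from the original post. add_nosuid and missing_nosuid
# are hypothetical helper names; the sample input below is constructed.

# add_nosuid MOUNTPOINT...
# Filter fstab text from stdin to stdout, adding "nosuid" to the options
# column (field 4) of the named mount points. "defaults" is dropped because it
# is only a placeholder, and an explicit "suid" is dropped because it conflicts.
# Edited lines are re-joined with single spaces; other lines pass through.
add_nosuid() {
    awk -v targets="$*" '
    BEGIN { n = split(targets, t, " "); for (i = 1; i <= n; i++) want[t[i]] = 1 }
    /^[ \t]*#/ || NF < 4 || !($2 in want) { print; next }
    {
        k = split($4, o, ","); out = ""; has = 0
        for (i = 1; i <= k; i++) {
            if (o[i] == "defaults" || o[i] == "suid") continue
            if (o[i] == "nosuid") has = 1
            out = out (out == "" ? "" : ",") o[i]
        }
        if (!has) out = out (out == "" ? "" : ",") "nosuid"
        $4 = out
        print
    }'
}

# missing_nosuid
# Read mount-table text in /proc/mounts format from stdin and print every
# mount point whose option list (field 4) lacks "nosuid".
missing_nosuid() {
    awk '("," $4 ",") !~ /,nosuid,/ { print $2 }'
}

# Demo on the two fstab lines quoted in the post: only /boot is changed.
add_nosuid /boot <<'EOF'
LABEL=/boot /boot ext3 defaults 1 2
none /sys sysfs defaults 0 0
EOF

# After remounting, audit the live mount table, for example:
#   missing_nosuid < /proc/mounts
```

Write the filtered output to a temporary file and diff it against /etc/fstab before replacing anything; the new option takes effect at the next mount or after `mount -o remount,nosuid /boot`.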