Re: nosuid on mounts

Cameron Simpson wrote:
On 19Sep2006 16:53, Bill Tangren <bjt@xxxxxxxxxxxxxxxx> wrote:
| I am required to remove the suid bit on several mounted filesystems. I'd
| like to know what y'all think will happen if I do that.
|
| The file systems are:
|
| none on /sys type sysfs (rw)
| usbfs on /proc/bus/usb type usbfs (rw)
| /dev/sda1 on /boot type ext3 (rw)
| none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
| sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)

None of these would normally have setuid content, so this is fine.
|
| /sys and /dev/sda1 are found in /etc/fstab. I need to change
|
| LABEL=/boot /boot ext3 defaults 1 2
| none        /sys  sysfs   defaults        0 0
|
| to
|
| LABEL=/boot /boot ext3 rw,nosuid,dev,exec,auto,nouser,async 1 2
| none        /sys  sysfs   rw,nosuid,dev,exec,auto,nouser,async        0 0

You should just be able to say "nosuid". You don't need to list everything
else - they will have the default values. The word "defaults" only exists
to occupy the column when _everything_ is default.

This will also protect you from using options on some of these "special"
filesystems which don't apply.

| I haven't a clue as to how to modify these without breaking something.

You should only need to change /boot. I do not expect it is even
possible to try to create a setuid file on these other filesystems; they
are kernel generated views of stuff and as far as I know do not contain
"setuid" things.

Cheers,

Thanks!


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
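
The edit recommended in the reply above (put `nosuid` in the options column of the `/boot` entry instead of spelling out every default), as an added shell example that is not part of the original thread. The function names `add_nosuid` and `missing_nosuid` are hypothetical, and the sample fstab is constructed from the two lines quoted in the post.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# add_nosuid MOUNTPOINT... : reads fstab text on stdin, writes the edited text
# on stdout. Only the options column (field 4) of the named mount points
# changes; edited lines are re-joined with single spaces.
add_nosuid() {
    awk -v targets="$*" '
        BEGIN { n = split(targets, t, " "); for (i = 1; i <= n; i++) want[t[i]] = 1 }
        /^[ \t]*(#|$)/ { print; next }   # keep comments and blank lines
        !($2 in want)  { print; next }   # not a mount point we were asked about
        {
            m = split($4, o, ","); out = ""; seen = 0
            for (i = 1; i <= m; i++) {
                # "defaults" is only a column placeholder; "suid" contradicts nosuid
                if (o[i] == "defaults" || o[i] == "suid") continue
                if (o[i] == "nosuid") seen = 1
                out = out (out == "" ? "" : ",") o[i]
            }
            if (!seen) out = out (out == "" ? "" : ",") "nosuid"
            $4 = out
            print
        }'
}

# missing_nosuid : reads `mount` output ("dev on /mnt type fs (opts)") on stdin
# and prints each mount point whose option list lacks nosuid.
missing_nosuid() {
    awk '$2 == "on" && $4 == "type" {
        opts = $6; gsub(/[()]/, "", opts)
        if (("," opts ",") !~ /,nosuid,/) print $3
    }'
}

# Constructed sample: the two fstab lines quoted in the thread.
SAMPLE_FSTAB='# constructed sample
LABEL=/boot /boot ext3 defaults 1 2
none        /sys  sysfs   defaults        0 0'

# Demo: change /boot only, as the reply suggests; /sys is left untouched.
printf '%s\n' "$SAMPLE_FSTAB" | add_nosuid /boot
```

Run `add_nosuid` against a copy of `/etc/fstab` and review the diff before installing it; after remounting, `mount | missing_nosuid` lists what is still mounted without the option.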
