Re: permissions

Casper Dik (casper@fwi.uva.nl)
Tue, 17 May 94 17:26:25 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: H Morrow Long: "Re: /dev/{km,m}em worries"
Previous message: rickt@gnu.ai.mit.edu: "/dev/{km,m}em worries"
In reply to: Bruce Barnett: "Re: permissions"
Next in thread: Howard the Energizer: "Re: permissions"

>
>> /		rw,nosuid
>> /usr		ro
>> /var		rw,nosuid
>> /home		rw,nosuid
>> /tmp		rw,nosuid
>> /usr/local	ro
>
>excellent thinking. Does anyone have any problems with this philosophy?
>I noticed some systems around here with /sbin/su and /sbin/sulogin.
>These would be disabled if the above conditions were met.
>Is this a problem? Anything else break?

If you have systems with /sbin/su and /sbin/sulogin it might just
be Solaris 2.x machines.  On Solaris 2.x, nosuid is a combination of
nosuid and nodev.  Using nosuid on / sort of breaks things there.
Also, tmpfs mount in Solaris does not understand the nosuid option
which means you might end up with /tmp in /.

I have a new mount_tmpfs program for those of you interested in
nosuid /tmp for Solaris 2.3.


Casper

Next message: H Morrow Long: "Re: /dev/{km,m}em worries"
Previous message: rickt@gnu.ai.mit.edu: "/dev/{km,m}em worries"
In reply to: Bruce Barnett: "Re: permissions"
Next in thread: Howard the Energizer: "Re: permissions"