>> /          rw,nosuid
>> /usr       ro
>> /var       rw,nosuid
>> /home      rw,nosuid
>> /tmp       rw,nosuid
>> /usr/local ro
>
>excellent thinking. Does anyone have any problems with this philosophy?
>I noticed some systems around here with /sbin/su and /sbin/sulogin.
>These would be disabled if the above conditions were met.
>Is this a problem? Anything else break?

If you have systems with /sbin/su and /sbin/sulogin it might just be
Solaris 2.x machines. On Solaris 2.x, nosuid is a combination of
nosuid and nodev. Using nosuid on / sort of breaks things there.

Also, tmpfs mount in Solaris does not understand the nosuid option,
which means you might end up with /tmp in /.

I have a new mount_tmpfs program for those of you interested in
nosuid /tmp for Solaris 2.3.

Casper
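
An added example, not part of the original message or of any poster's code: a small audit of a mount table against the option list quoted at the top of the thread. It flags a missing option and also a policy mount point that is not mounted separately, which is the "/tmp in /" outcome mentioned above. The `audit_mounts` name, the two-column "mountpoint options" input format and the sample table are assumptions constructed for this example.

```shell
#!/bin/sh
# Policy as quoted in the thread: mount point, then required options.
POLICY='/ rw,nosuid
/usr ro
/var rw,nosuid
/home rw,nosuid
/tmp rw,nosuid
/usr/local ro'

# Constructed sample table (not real output): / lacks nosuid and /tmp is
# not a separate mount, so its files live on the / file system.
SAMPLE='/ rw
/usr ro
/var rw,nosuid
/home rw,nosuid
/usr/local ro'

# audit_mounts TABLE
# TABLE holds one "mountpoint options" pair per line (assumed format).
# Prints one verdict per policy entry:
#   OK <mp> | MISSING-OPT <mp> <opt> | NOT-MOUNTED <mp>
audit_mounts() {
    printf '%s\n' "$POLICY" | while read -r mp want; do
        # Exact match on the mount point, so /usr never matches /usr/local.
        have=$(printf '%s\n' "$1" | awk -v m="$mp" '$1 == m { print $2; exit }')
        if [ -z "$have" ]; then
            echo "NOT-MOUNTED $mp"
            continue
        fi
        ok=1
        for opt in $(echo "$want" | tr ',' ' '); do
            # Wrap in commas so "suid" cannot match inside "nosuid".
            case ",$have," in
                *",$opt,"*) ;;
                *) echo "MISSING-OPT $mp $opt"; ok=0 ;;
            esac
        done
        if [ "$ok" -eq 1 ]; then
            echo "OK $mp"
        fi
    done
}

audit_mounts "$SAMPLE"
```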