On Mon, Mar 25, 2013 at 02:40:20PM +0100, Richard PALO wrote:
> On 25/03/13 14:16, Marcel Telka wrote:
> >On Mon, Mar 25, 2013 at 02:06:31PM +0100, Richard PALO wrote:
> >>On 25/03/13 13:51, Marcel Telka wrote:
> >>>nosuid option in a share and in mount are not the same things.  Please read
> >>>share_nfs(1M) and mount(1M).
> >>>
> >>Maybe I'm missing something... I thought nosuid == nosetuid + nodevices
> >>
> >> From man mount_nfs (apparently also believes so)
> >
> >Yes.  That's correct for mount_nfs.  But nosuid for a share means something
> >different:
> >
> >     nosuid
> >
> >         By default, clients are allowed to create files on
> >         the shared file system with the setuid or setgid
> >         mode enabled. Specifying nosuid causes the server
> >         file system to silently ignore any attempt to enable
> >         the setuid or setgid mode bits.
> >
> >>Are you saying the fact I specify nosuid on the server side in
> >>the sharenfs options, that the client flagrantly ignores this? (in
> >>the auto_home mount)
> >
> >See above.  nosuid at the server side is not the same as nosuid at the client
> >side.
> >
>
> So if I translate, you mean that when nosuid is on the server, any
> setuid or device operation will 'silently' fail, and in any case,
> the child doesn't know beforehand.

No "setuid or device operation", but chmod(2) operations trying to set setuid
or setgid bits will have no effect.  IOW, you'll not be able to do something
like "chmod u+s file" or "chmod g+s file".  It will just do nothing.

>
> sounds convoluted, but okay (feeling uncomfortably numb here).
>
> from share_nfs
> >nosuid
> >
> >         By default, clients are allowed to create files on
> >         the shared file system with the setuid or setgid
> >         mode enabled. Specifying nosuid causes the server
> >         file system to silently ignore any attempt to enable
> >         the setuid or setgid mode bits.
>
> what is best practices for auto mount home, then.
>
> the default is okay? or should /home also be -nosuid?

No idea what is the best practice.

>
> ># Master map for automounter
> >#
> >+auto_master
> >/net -hosts -nosuid,nobrowse
> >/home auto_home -nobrowse

-nobrowse sounds reasonable.

-- 
+-------------------------------------------+
| Marcel Telka   e-mail:   [email protected]  |
|                homepage: http://telka.sk/ |
|                jabber:   [email protected] |
+-------------------------------------------+
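
An added example, not part of the original message or of illumos: a small Python audit that reads the master map quoted in the thread (embedded as constructed sample input) and reports which mount points carry the client-side nosuid mount option, which is separate from the server-side share option discussed above. The function names are hypothetical, and the parser goes slightly beyond the thread by handling comments, `+` include lines and backslash continuations.

```python
# Added example: audit client-side nosuid in an automounter master map.
# SAMPLE_MASTER is constructed from the map quoted in the thread.
SAMPLE_MASTER = """\
# Master map for automounter
#
+auto_master
/net    -hosts      -nosuid,nobrowse
/home   auto_home   -nobrowse
"""


def parse_master(text):
    """Return (entries, includes) parsed from auto_master-style text."""
    entries, includes = [], []
    # A trailing backslash continues an entry on the next line.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        if line.startswith("+"):
            # Include of another map (for example from a name service);
            # its entries are not visible in this file.
            includes.extend(line[1:].split()[:1])
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                             # malformed: no map name
        # Field 2 is always the map name, even when it starts with "-"
        # (the special -hosts map); only later fields are mount options.
        options = set()
        for token in fields[2:]:
            options.update(o for o in token.lstrip("-").split(",") if o)
        entries.append({"mount_point": fields[0], "map": fields[1],
                        "options": options})
    return entries, includes


def nosuid_report(text):
    """Map each mount point to True if its master-map options have nosuid."""
    entries, includes = parse_master(text)
    return {e["mount_point"]: "nosuid" in e["options"] for e in entries}, includes


if __name__ == "__main__":
    report, includes = nosuid_report(SAMPLE_MASTER)
    for mount_point, has_nosuid in report.items():
        print(f"{mount_point}: client nosuid {'set' if has_nosuid else 'not set'}")
    for name in includes:
        print(f"+{name}: included map, audit separately")
```

Only the master map is read; mount options set on individual entries inside an indirect map such as auto_home are not covered.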
