Solaris

Hi,

Can anyone help on the following

"Mount file system as “nosuid” to prevent accidental and unauthorised execution of software especially Setuid utility"

Question
1) Does this refer only to local mount or remote mount or both
2) What exactly nosuid mean .
3) How does it impact , if the mount point are running application , script
4) My servers mounted file system has the following usage
a)mount point that run application
b) mount point that use as storage for files ,it share out for others servers
to access
So , if I add in the option "nosuid" , does it affect point a) and b).

Regards

nosuid is a combination of nosetuid and nodevices which are separate options. To understand these options you need to know what the suid bit does and what a device file is. If you don't understand the suid bit, see, Unix File Permissions. A device file is normally found in the /dev directory and it allows access to devices such as disk drives.

Now imagine a non-root user (named, say, joe) who mounts a cd on the system. That cd could have a suid program, owned by root, and executable by joe. Now joe has root power. Or suppose it had a file something like /dev/mem but writable by joe. Now joe can scribble in memory and cause the box to panic. To prevent joe from obtaining enough power to compromise the system, we must prevent joe from mounting cd's with device files or suid programs. That is where the nosuid option comes in.

In addition to mounting removable media, a similiar problem arises from mounting NFS file systems, which may not be under the control of the local admin. nosuid, nosetuid, and nodevices would not usually be used on ordinary local disks. Just removable media and NFS filesystems.