This is not a great idea - do you want smbmount or mount?
This makes the smbmount be setuid - it runs as the root user.
This would let users mount (& unmount if you setuid the the other file-smbunmount) Windows SMB mounted filesystems. Which is possibly the only valid mount/unmount you would want users doing. Otherwise they could trash your system. setuid on anything like mount is both a security risk and an open can of worms, waiting to crawl out.
Last edited by jim mcnamara; 09-08-2008 at 01:04 PM..
Hi
I have make a program that needs root privleges but any user can try to run it, so what I want it is, when any user tries( other than root ) to run the program, an input prompt would open to enter root password ( if user knows ) and program will run ( otherwise exit ), and after completing... (21 Replies)
Good day Guys!!!
I am currently making a script in AIX, the script runs a SAS job, the owner of the script is the root, but the SAS jobs cannot be run by the root, as it should be run by a user 'sasia'. But inside the script, root creates a logfile, so what I need is just to su to sasia for the... (3 Replies)
Hello,
As admin with root rights, to execute any command from another user without password-ask, I do : su - <user> -c "<cmd>"
But how can I do to give the same rights to another physical user without using root user ? :confused:
I've try to create another user "toor" with the same primary... (4 Replies)
Hi all,
I am trying to eject the cdrom from a livecd after certain stage...
Now assuming that it is possible to eject,please consider my issue!!!
The OS boots into a regular user by default...so i am unable to use the eject command to push out the drive...
However if i try pfexec eject it... (3 Replies)
i have installed oracle 10g and two databases.
i enter database1 as sysdba and create a user called user1.i give the privileges as "select on" to user1.
i enter sqlplus from the shell prompt. i enter as user1. but when i do "select * from emp" i have a "the table doesn't exist". how can i give... (3 Replies)
Afternoon everyone,
I would want to ask that how/what privileges i should grant to a new user so that the user can clear /disable printing job queue?
Solaris OS: 5.9
Thanks. :b: (4 Replies)
My English is no very good.
I must make a bash scripting sh create like a backdoor, and when execute the script a user without privileges convert in super user or root, whithout introducing the password.
In Spanish:
Crear un script que sirva como puerta trasera al sistema, de manera que al... (1 Reply)
I had a question in my test which asked where suppose user B has a program with 's' bit set. Can user A run this program and gain root privileges in any way?
I suppose not as the suid program run with privileges of owner and this program will run with B's privileges and not root. (1 Reply)
Discussion started by: syncmaster
1 Replies
LEARN ABOUT NETBSD
secmodel_extensions
SECMODEL_EXTENSIONS(9) BSD Kernel Developer's Manual SECMODEL_EXTENSIONS(9)NAME
secmodel_extensions -- Extensions security model
DESCRIPTION
secmodel_extensions implements extensions to the traditional security model based on the original 4.4BSD. They can be used to grant addi-
tional privileges to ordinary users, or enable specific security measures like curtain mode.
The extensions are described below.
Curtain mode
When enabled, all returned objects will be filtered according to the user-id requesting information about them, preventing users from access-
ing objects they do not own.
It affects the output of many commands, including fstat(1), netstat(1), ps(1), sockstat(1), and w(1).
This extension is enabled by setting security.models.extensions.curtain or security.curtain sysctl(7) to a non-zero value.
It can be enabled at any time, but cannot be disabled anymore when the securelevel of the system is above 0.
Non-superuser mounts
When enabled, it allows file-systems to be mounted by an ordinary user who owns the point node and has at least read access to the special
device mount(8) arguments. Note that the nosuid and nodev flags must be given for non-superuser mounts.
This extension is enabled by setting security.models.extensions.usermount or vfs.generic.usermount sysctl(7) to a non-zero value.
It can be disabled at any time, but cannot be enabled anymore when the securelevel of the system is above 0.
Non-superuser control of CPU sets
When enabled, an ordinary user is allowed to control the CPU affinity(3) of the processes and threads he owns.
This extension is enabled by setting security.models.extensions.user_set_cpu_affinity sysctl(7) to a non-zero value.
It can be disabled at any time, but cannot be enabled anymore when the securelevel of the system is above 0.
SEE ALSO affinity(3), sched(3), sysctl(7), kauth(9), secmodel(9), secmodel_bsd44(9), secmodel_securelevel(9), secmodel_suser(9)AUTHORS
Elad Efrat <elad@NetBSD.org>
BSD December 3, 2011 BSD