topic mount option suid in Operating System - HP-UX

mount option suid

Network Servers — Fri, 06 Dec 2002 08:20:04 GMT

What does this option do? Is there documentation on it somewhere? Are there any security concerns around this option?

Re: mount option suid

Tom Geudens — Fri, 06 Dec 2002 08:38:32 GMT

Hi,
There's info in
#man 1m mount_vxfs

The way I understand it, you are not allowed to execute suid-scripts (present in that particular filesystem) if the "nosuid" option is used in mounting the filesystem. This would make sense for filesystems that are not "local" to the system (NFS-mounted for example).

Regards,
Tom

Re: mount option suid

U.SivaKumar_2 — Fri, 06 Dec 2002 09:01:06 GMT

Hi,

nosuid option is mainly for NFS security which
prohibits running any program with setuid in
NFS mount directory which if malicious can cause system to come to heels.

By default , suid is set for mounted filesysem

regards,
U.SivaKumar

Re: mount option suid

Wodisch — Fri, 06 Dec 2002 14:02:14 GMT

Hi,

I would not restrict that option ("nosuid" actually!) to only "NFS" mounted filesystems, but to ALL filesystems, which are not under your complete control concerning codefiles/executables/scripts:
- temporary files
- data files
- databases
- file server files
- text/document files
- removable filesystems (floppies, MOs)

And mounting all those filesystems with "nosuid" just keeps everybody from createing (actually: from executing) SUID-programs, i.e. to start a program not under the UID of the starter but the owner of the file.
You'll only need the option "suid" for your root-filesystem, "/usr", and "opt", and possibly for a filesystem containing application codefiles/-scipts.

FWIW,
Wodisch