HPE Community
Operating System - HP-UX
1834462 Members
3520 Online
110067 Solutions
New Discussion

nosuid with Ignite mounts

 
SOLVED
Go to solution
raiden
Regular Advisor

‎07-16-2009 12:34 PM

‎07-16-2009 12:34 PM

nosuid with Ignite mounts

Hi,

Auditors have told that every nfs should be mounted with the nosuid option.

We are taking Ignite backups of our backup server from where the directories are exported. During ignite the directories are mounted on client machine.

NOw Please help me to know that how do i ensure that the Ignite Directories are mounted with nosuid option on clients. If not than is there any option in Ignite configuration to apply this option of nosuid. Please help
0 Kudos
Reply
5 REPLIES 5
Steven E. Protter
Exalted Contributor

‎07-16-2009 12:57 PM

‎07-16-2009 12:57 PM

Solution

Re: nosuid with Ignite mounts

Shalom,

Ignite servers commonly violate security concerns.

They use tftp and rsh, and not more secure protocols such as ssh/sftp.

You will have to change the options and test this out. If it does not work, you will have to tell your auditors an exception is called for. If there is no exception then the function Ignite performs, having valid backups of system configuration can not be performed.

How to do it.
http://docs.hp.com/en/B1031-90043/ch02s03.html


SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Bill Hassell
Honored Contributor

‎07-16-2009 06:04 PM

‎07-16-2009 06:04 PM

Re: nosuid with Ignite mounts

There is no issue with disabling suid on Ignite NFS mounts. I would definitely recommend it on every NFS mountpoint -- I have trouble allowing any executable to run on one system that is controlled by another system, and an suid program is particularly troublesome. To my knowledge, there are no programs in the Ignite NFS tree so nosuid is a no-brainer.


Bill Hassell, sysadmin
Reply
raiden
Regular Advisor

‎07-16-2009 08:06 PM

‎07-16-2009 08:06 PM

Re: nosuid with Ignite mounts

Thanks Steven ..Thanks BIll. Your information was useful... I think we will have a exception for Ignite mounts because Ignite directories are mounted only for that particular time taken to complete Ignite.. After which they are unmounted.
0 Kudos
Reply
Ganesan R
Honored Contributor

‎07-16-2009 09:20 PM

‎07-16-2009 09:20 PM

Re: nosuid with Ignite mounts

Hi Raiden,

Mounting a filesystem with the 'nosuid' option disables the 'setuid' action. If you mount a filesystem this way and attempt to execute a 'setuid' binary existing in that filesystem, you see:

"Setuid execution not allowed"

By default the filesystems will be mounted with suid option though it is not mentioned in fstab file.

And setting this option needs unmount of that filesystems.
Best wishes,

Ganesh.
0 Kudos
Reply
Ganesan R
Honored Contributor

‎07-16-2009 09:22 PM

‎07-16-2009 09:22 PM

Re: nosuid with Ignite mounts

Hi again,

Read this to know more about NFS mount options..

http://docs.hp.com/en/5992-0714/ch02s03.html#bghdijij
Best wishes,

Ganesh.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.