SetUID/SetGID Kernel Option

Martin McCormick martin at dc.cis.okstate.edu
Thu Jun 4 16:22:11 UTC 2009


Jonathan McKeown writes:
> You need to add
> 
> option SUIDDIR
> 
> To the kernel config. You can find a sample line in /sys/conf/NOTES
> 
> >       We see in the fstab the following:


> Once you've recompiled the kernel you also need to use suiddir in the mount
> options for any filesystem where you want file ownership to be inherited from
> the directory.
> 
> It's described in the kernel notes and in the mount manpage as a dangerous
> option which opens security holes.

Ah, just what we need. :-)

> 
> I notice that you mention setGID as well, which under sysV-derived systems
> allows files to inherit group ownership from the directory. If that's what's
> wanted, you don't need to do anything, as the behaviour that's optional on
> sysV systems like Linux is the default behaviour on FreeBSD.

	Thank you very much. I've been using Unix for almost 20
years and have the syndrome that we get comfortable doing what
we do and sometimes need to stretch a bit as there is more than
enough in Unix to keep anybody busy for a lifetime.

	Also, thanks for helping the poster get pointed in the
right direction on the serial console install. That has turned
out to be extremely useful.

	The latest Debian Linux disk is also easy to install
serially if you can type on the local keyboard long enough to
type h for help, Enter, and then either rescue or install
console=ttySx for 9600 or add ,38400,n81 or whatever serial
parameters you need.

Martin McCormick WB5AGZ  Stillwater, OK 
Systems Engineer
OSU Information Technology Department Telecommunications Services Group
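
Since the thread notes that suiddir is documented as a dangerous option, here is a way to audit where it is in use. This is an added example, not part of the original message: it lists fstab entries that request suiddir and reports whether the kernel config would honour them. The function names, file names and sample fstab and kernel-config contents are constructed; accepting both the "option" and "options" spellings is an assumption of the example.

```sh
#!/bin/sh
# Added example: audit fstab and kernel config for the suiddir setup above.

# Print "<mountpoint> <fstype>" for each fstab entry whose options include suiddir.
suiddir_mounts() {
    awk '$1 !~ /^#/ && NF >= 4 {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] == "suiddir") { print $2, $3; break }
    }' "$1"
}

# Succeed if the kernel config enables SUIDDIR ("option" or "options" accepted).
kernel_has_suiddir() {
    grep -Eq '^[[:space:]]*options?[[:space:]]+SUIDDIR([[:space:]]|$)' "$1"
}

# One line per suiddir filesystem; exit status 1 if any were found.
audit() {
    hits=$(suiddir_mounts "$1")
    [ -n "$hits" ] || { echo "no suiddir mounts"; return 0; }
    if kernel_has_suiddir "$2"; then
        state="ACTIVE"
    else
        state="inert (kernel lacks SUIDDIR)"
    fi
    echo "$hits" | while read -r mp fs; do
        echo "$mp $fs suiddir $state"
    done
    return 1
}

# Constructed sample inputs (device names and layout are made up).
tmp=$(mktemp -d)
cat > "$tmp/fstab" <<'EOF'
# Device     Mountpoint  FStype  Options     Dump  Pass#
/dev/ad0s1a  /           ufs     rw          1     1
/dev/ad0s1e  /export     ufs     rw,suiddir  2     2
/dev/ad0s1f  /home       ufs     rw,nosuid   2     2
EOF
printf 'options \tSUIDDIR\n' > "$tmp/KERNCONF"
audit "$tmp/fstab" "$tmp/KERNCONF" || true
rm -rf "$tmp"
```

Run against a real system, the two arguments to audit would be /etc/fstab and the kernel configuration file the running kernel was built from.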
