Package: openafs-client
Version: 1.4.12.1+dfsg-3
Severity: wishlist
Tags: patch

It would be nice to configure a system's home cell to be set nosuid (as per <http://docs.openafs.org/AdminGuide/ch10s07.html>). We accomplish this with the following patch to the init script.

I suppose ideally there would be a debconf question asking whether to set the home cell to be SUID and then populating /etc/openafs/afs.conf.client accordingly.

Dominic.
>From a0bc723c4f39b5c4648bee429ec3596517d51139 Mon Sep 17 00:00:00 2001 From: Dominic Hargreaves <dominic.hargrea...@oucs.ox.ac.uk> Date: Wed, 9 Feb 2011 14:37:58 +0000 Subject: [PATCH] Set configured cells to be nosuid --- debian/openafs-client.init | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/debian/openafs-client.init b/debian/openafs-client.init index 6954e52..e62fb26 100755 --- a/debian/openafs-client.init +++ b/debian/openafs-client.init @@ -167,6 +167,10 @@ start_client() { fs setcrypt on fi + if [ -n "$AFS_NOSUID" ]; then + fs setcell -cell "$AFS_NOSUID" -nosuid + fi + # From /etc/openafs/afs.conf, set a sysname list if one was configured. if [ -n "$AFS_SYSNAME" ] ; then fs sysname $AFS_SYSNAME -- 1.7.2.3
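Review bot: In the added `fs setcell -cell "$AFS_NOSUID" -nosuid` line, the quoting turns the whole variable into one argument, so if AFS_NOSUID is meant to hold a space-separated list (the subject says "configured cells"), the list would be passed as a single cell name. Either state that the variable holds exactly one cell, or expand it unquoted the way the neighbouring `fs sysname $AFS_SYSNAME` line does. The diffstat touches only debian/openafs-client.init, so AFS_NOSUID has no commented default or description in /etc/openafs/afs.conf, which the following comment names as the source of AFS_SYSNAME; an administrator has no way to discover the setting without reading the init script. The exit status of `fs setcell` is also ignored, so a mistyped cell name leaves setuid handling for the intended cell unchanged while the client start still reports success; a warning on non-zero exit would make that visible.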