On Fri, Feb 25, 2000 at 03:16:42AM +0200, Shaul Karl wrote:
> 1) extra security?
> [03:11:45 /tmp]$ man 8 mount | grep -A1 -B3 suid
>        nosuid Do not allow set-user-identifier or set-
>               group-identifier bits to take effect. (This
>               seems safe, but is in fact rather unsafe if
>               you have suidperl(1) installed.)
>
> [03:11:55 /tmp]$
>
> 2) Is set-group-identifier the same s that I got for my home dir?
> [03:14:03 /tmp]$ ls -ld ~
> drwxr-sr-x   27 shaul    shaul        2048 Feb 25 03:09 /home/shaul
> [03:14:05 /tmp]$

No, setgid on a directory does not matter as far as the nosuid mount option is concerned.

The setgid bit on your home dir is completely pointless though, AFAICT: your primary group is shaul, so everything you create will have that group anyway. It's only useful when you have a shared directory with a different group; the setgid bit would ensure everything you create there has that group instead of your primary group (a la BSD).

nosuid just causes the kernel to refuse to execute a binary with the set[ug]id bit set if the owner of the file does not match the user trying to execute it. It does not matter for directories, since you cannot execute them.

-- 
Ethan Benson
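
The distinction drawn in the reply above, between a setgid directory that changes group inheritance and one that does not, can be checked across a tree. This is an added example, not part of the original mail; the function names and verdict labels are hypothetical, and it assumes the owner creates files under their primary group (no newgrp) and ignores root.

```python
import os
import pwd
import stat
import sys

# Constructed sample: st_mode for the "drwxr-sr-x" listing quoted in the thread.
SAMPLE_MODE = stat.S_IFDIR | stat.S_ISGID | 0o755


def setgid_dir_effect(mode, dir_gid, owner_primary_gid):
    """Classify a directory from its st_mode, its group and the owner's primary gid."""
    if not stat.S_ISDIR(mode):
        return "not-a-directory"
    if not mode & stat.S_ISGID:
        return "no-setgid"
    # If only the owner may create entries and the directory group is already the
    # owner's primary group, new files would get that group with or without the bit.
    only_owner_writes = not mode & (stat.S_IWGRP | stat.S_IWOTH)
    if only_owner_writes and dir_gid == owner_primary_gid:
        return "setgid-redundant"
    # Otherwise the bit matters: files created here take the directory's group
    # instead of the creator's primary group (BSD-style inheritance).
    return "setgid-shared"


def audit(root):
    """Yield (path, mode string, verdict) for every setgid directory under root."""
    for dirpath, _dirnames, _filenames in os.walk(root):
        st = os.lstat(dirpath)
        try:
            primary = pwd.getpwuid(st.st_uid).pw_gid
        except KeyError:  # owner uid has no passwd entry
            primary = None
        verdict = setgid_dir_effect(st.st_mode, st.st_gid, primary)
        if verdict.startswith("setgid"):
            yield dirpath, stat.filemode(st.st_mode), verdict


if __name__ == "__main__":
    for path, mode, verdict in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(mode, verdict, path)
```
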