Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 26 Mar 1998 16:25:34 -0800 (PST)
From:      David Wolfskill <dhw@whistle.com>
To:        freebsd-questions@FreeBSD.ORG
Subject:   amd, NFS, & set[GU]ID flags (2.2.6-BETA)
Message-ID:  <199803270025.QAA01598@pau-amma.whistle.com>
next in thread | raw e-mail | index | archive | help 
OK; I'm running 2.2.6-BETA as of about a week ago.

I have a filesystem mounted (via NFS & amd); the amd spec says "nosuid,
grpid".

I built a program (top) on that filesystem as a setGID, owned by
root.kmem, which matches the permissions for /dev/mem.

I try running the program; get "Permission denied" for /dev/mem.

I try runing the program under "sudo"; it works fine.

I try copying the file ("cp -p") to /tmp & running it (normally --
no "sudo") from there; it works fine.  (/tmp is *not* mounted via
NFS.)

I fired up a dumb little hack of a program that I cobbled up a while
back (to list mounted filesystems & the mount flags); the relevant
"flags" field for the filesystem in question reads 00000008,
which (according to /usr/include/sys/mount.h) is MNT_NOSUID; the
associated comment reads "/* don't honor setuid bits on fs */"

Here's where things get "interesting":  I don't see a flag for "do
[not] honor setgid bits on fs".  And the empirical evidence at hand
suggests that quite possibly, the MNT_NOSUID flag is being used
for both setuid & setgid....  I will prowl around a bit... but
since I'm still rather new to the FreeBSD world, I would appreciate any
"course corrections" that might be appropriate.

(BTW:  I had earlier inquired as to a way to determine the "NFS mount
option flags" empirically.  Never did find a way to do this, but I did
finally(!) discover the "nfsvs" option for the amd spec, and since I
implemented that, my machine seems significantly more stable....)

Thanks,
david
-- 
David Wolfskill		dhw@whistle.com	(650) 577-7158	pager: (650) 401-0168

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199803270025.QAA01598>