Date: Thu, 26 Mar 1998 16:25:34 -0800 (PST)
From: David Wolfskill
Message-Id: <199803270025.QAA01598@pau-amma.whistle.com>
To: freebsd-questions@FreeBSD.ORG
Subject: amd, NFS, & set[GU]ID flags (2.2.6-BETA)

OK; I'm running 2.2.6-BETA as of about a week ago.

I have a filesystem mounted (via NFS & amd); the amd spec says "nosuid, grpid".

I built a program (top) on that filesystem as a setGID, owned by root.kmem, which matches the permissions for /dev/mem.

I try running the program; get "Permission denied" for /dev/mem.

I try running the program under "sudo"; it works fine.

I try copying the file ("cp -p") to /tmp & running it (normally -- no "sudo") from there; it works fine. (/tmp is *not* mounted via NFS.)
I fired up a dumb little hack of a program that I cobbled up a while back (to list mounted filesystems & the mount flags); the relevant "flags" field for the filesystem in question reads 00000008, which (according to /usr/include/sys/mount.h) is MNT_NOSUID; the associated comment reads "/* don't honor setuid bits on fs */"

Here's where things get "interesting": I don't see a flag for "do [not] honor setgid bits on fs". And the empirical evidence at hand suggests that quite possibly, the MNT_NOSUID flag is being used for both setuid & setgid....

I will prowl around a bit... but since I'm still rather new to the FreeBSD world, I would appreciate any "course corrections" that might be appropriate.

(BTW: I had earlier inquired as to a way to determine the "NFS mount option flags" empirically. Never did find a way to do this, but I did finally(!) discover the "nfsvs" option for the amd spec, and since I implemented that, my machine seems significantly more stable....)

Thanks,
david
--
David Wolfskill  dhw@whistle.com  (650) 577-7158  pager: (650) 401-0168