From owner-freebsd-questions@FreeBSD.ORG Thu Jun 4 14:44:57 2009
From: Jonathan McKeown
Organization: Rhodes University
To: freebsd-questions@freebsd.org
Date: Thu, 4 Jun 2009 16:44:54 +0200
User-Agent: KMail/1.9.10
In-Reply-To: <200906041423.n54ENTTp019247@dc.cis.okstate.edu>
Subject: Re: SetUID/SetGID Kernel Option
List-Id: User questions

Hi Martin

On Thursday 04 June 2009 16:23:29 Martin McCormick wrote:
> I have been asked to enable the following kernel option:
>
> SetUID/SetGID - Allow directories to inherit their owner from the
> parent directory.
>
> The generic kernel under FreeBSD6.3 is what we presently use on
> the system in question and I see no commented-out option for
> compilation.

You need to add

option SUIDDIR

to the kernel config. You can find a sample line in /sys/conf/NOTES.

> We see in the fstab the following:
>
> # Device        Mountpoint  FStype  Options     Dump  Pass#
> #Default is for no SUIDDIR.
> #/dev/mfid0s1a  /           ufs     rw          1     1
> #Living a bit more dangerously, we turned it back on.
> /dev/mfid0s1a   /           ufs     rw,SUIDDIR  1     1
>
> This looks like it may address the issue, but a test shows that
> it does not appear to happen.

Once you've recompiled the kernel you also need to use suiddir in the
mount options for any filesystem where you want file ownership to be
inherited from the directory. It's described in the kernel notes and in
the mount manpage as a dangerous option which opens security holes.

I notice that you mention setGID as well, which under sysV-derived
systems allows files to inherit group ownership from the directory. If
that's what's wanted, you don't need to do anything, as the behaviour
that's optional on sysV systems like Linux is the default behaviour on
FreeBSD.

Jonathan
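An added example, not part of Jonathan's reply and not a FreeBSD tool: a POSIX sh audit script that reports which fstab entries carry the suiddir mount option (the one the reply and the mount manpage describe as opening security holes) and whether a kernel config enables SUIDDIR, so an administrator can see at a glance where directory-owner inheritance is in force. The fstab and kernel config text are constructed samples modelled on the lines quoted in the thread, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original thread): audit for the suiddir
# mount option and the SUIDDIR kernel option. Both samples below are
# constructed, modelled on the fstab lines quoted in the thread.

SAMPLE_FSTAB='# Device        Mountpoint  FStype  Options     Dump  Pass#
#/dev/mfid0s1a  /           ufs     rw          1     1
/dev/mfid0s1a   /           ufs     rw,suiddir  1     1
/dev/mfid0s1b   /home       ufs     rw          2     2
proc            /proc       procfs  rw          0     0'

SAMPLE_KERNCONF='ident   GENERIC
options SCHED_ULE
#options SUIDDIR     # commented out: not enabled
options SUIDDIR'

# suiddir_mounts FSTAB_TEXT
# Prints "device mountpoint" for every non-comment fstab entry whose
# options field (4th column) lists suiddir. The match is case-insensitive
# so the upper-case SUIDDIR spelling from the thread is caught as well.
# Returns 1 when at least one such entry was found, 0 otherwise.
suiddir_mounts() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ || NF < 4 { next }
        {
            n = split(tolower($4), opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "suiddir") { print $1, $2; found = 1 }
        }
        END { exit found ? 1 : 0 }
    '
}

# kernel_config_has_suiddir KERNCONF_TEXT
# Returns 0 if an uncommented "options SUIDDIR" line is present, 1 if not.
kernel_config_has_suiddir() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }
        $1 == "options" && $2 == "SUIDDIR" { found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# Stand-alone run over the constructed samples.
if kernel_config_has_suiddir "$SAMPLE_KERNCONF"; then
    echo "kernel config enables SUIDDIR"
else
    echo "kernel config does not enable SUIDDIR"
fi

if suiddir_mounts "$SAMPLE_FSTAB"; then
    echo "no suiddir mounts in fstab"
else
    echo "WARNING: the filesystem(s) above are mounted with suiddir"
fi
```

On a live system the same functions can be fed `"$(cat /etc/fstab)"` and `"$(cat /sys/i386/conf/MYKERNEL)"` (path assumed; use your own config file), and `mount -p` output can be checked the same way, since its fourth column is also the options field.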