Date: Tue, 11 Jun 2019 13:56:59 +0100 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-questions@freebsd.org Subject: Re: Daily Security is compiling about my backup drive Message-ID: <b4d5f1fc-b0f4-d561-ba68-c1c24555ebf1@FreeBSD.org> In-Reply-To: <184B84B0-C4F9-4DC5-9F55-98B26422EE37@kreme.com> References: <D49BD090-6325-4918-A8D7-90BB28BA714F@kreme.com> <184B84B0-C4F9-4DC5-9F55-98B26422EE37@kreme.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11/06/2019 13:36, @lbutlr wrote: > On May 31, 2019, at 6:09 AM, @lbutlr <kremels@kreme.com> wrote: >> The Daily Security update email that FreeBS generates is reporting a lot of error on my /mnt/backup drive (like setuid errors). Is there a way to let the periodic process ignore this mount point? > > I’ve been looking for information on how to do this, and have come up empty. > > It’s about 1000 lines every day. > > /etc/periodic/security/100.chksetuid is the file that runs the check, but I am hesitant to edit the file. > > I can disable the check entirely > > /etc/defaults/periodic.conf:security_status_chksetuid_enable=“YES" > > But I only want to exclude /mnt/backup from the check. It appears the only thing I could do is exclude /usr/local/bin from my backups (which I can’t do as many of those executables are custom local binaries and scripts) or to edit the 100.chksetuid file and set $MP manually. > If you mount your backup drive nosuid then 100.chksetuid will ignore it. IIRC you can still set the suid bit on a file, but mounting the filesystem nosuid means it will have no effect. Cheers, Matthew
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b4d5f1fc-b0f4-d561-ba68-c1c24555ebf1>