
Diff of /xml/htdocs/doc/en/security/shb-mounting.xml

Revision 1.2 Revision 1.3
1<?xml version='1.0' encoding='UTF-8'?> 1<?xml version='1.0' encoding='UTF-8'?>
2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-mounting.xml,v 1.2 2005/06/01 17:42:46 neysx Exp $ --> 2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-mounting.xml,v 1.3 2006/09/18 09:22:48 neysx Exp $ -->
3<!DOCTYPE sections SYSTEM "/dtd/book.dtd"> 3<!DOCTYPE sections SYSTEM "/dtd/book.dtd">
4 4
5<!-- The content of this document is licensed under the CC-BY-SA license --> 5<!-- The content of this document is licensed under the CC-BY-SA license -->
6<!-- See http://creativecommons.org/licenses/by-sa/1.0 --> 6<!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
7 7
20options are: 20options are:
21</p> 21</p>
22 22
23<ul> 23<ul>
24<li> 24<li>
25 <c>nosuid</c> - Will ignore the SUID bit and make it just like an ordinary 25 <c>nosuid</c> - Will ignore the SUID bit and make it just like an ordinary
26 file 26 file
27</li> 27</li>
28<li> 28<li>
29 <c>noexec</c> - Will prevent execution of files from this partition 29 <c>noexec</c> - Will prevent execution of files from this partition
30</li> 30</li>
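
Review bot: the nosuid item on lines 25-26 reads "Will ignore the SUID bit and make it just like an ordinary file", where "it" has no clear referent and the sentence has no subject. Suggest wording along the lines of "SUID bits on files in this partition are ignored, so those files run like ordinary files", and giving the noexec item on line 29 the same full-sentence form.
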
61</note> 61</note>
62 62
63<note> 63<note>
64I do not set <path>/var</path> to <c>noexec</c> or <c>nosuid</c>, even if files 64I do not set <path>/var</path> to <c>noexec</c> or <c>nosuid</c>, even if files
65normally are never executed from this mount point. The reason for this is that 65normally are never executed from this mount point. The reason for this is that
66qmail is installed in <path>/var/qmail</path> and must be allowed to execute 66qmail is installed in <path>/var/qmail</path> and must be allowed to execute
67and access one SUID file. I setup <path>/usr</path> in read-only mode since I 67and access one SUID file. I setup <path>/usr</path> in read-only mode since I
68never write anything there unless I want to update Gentoo. Then I remount the 68never write anything there unless I want to update Gentoo. Then I remount the
69file system in read-write mode, update and remount again. 69file system in read-write mode, update and remount again.
70</note> 70</note>
71 71
72<note> 72<note>
73Even if you do not use qmail, Gentoo still needs the executable bit set on 73Even if you do not use qmail, Gentoo still needs the executable bit set on
74<path>/var/tmp</path> since ebuilds are made here. But an alternative path can 74<path>/var/tmp</path> since ebuilds are made here. But an alternative path can
75be setup if you insist on having <path>/var</path> mounted in <c>noexec</c> 75be setup if you insist on having <path>/var</path> mounted in <c>noexec</c>
76mode. 76mode.
77</note> 77</note>
78 78
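
Review bot: the last note (lines 73-76) says "an alternative path can be setup" when /var is mounted noexec, but does not say how that path is configured, so a reader who wants noexec on /var cannot act on it. Suggest naming the setting or linking to where it is documented. Lines 68-69 have the same gap: they describe remounting /usr read-write, updating and remounting again without showing the commands. Style point: "setup" is used as a verb on lines 67 and 75 and should be "set up".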
