nosuid doesn't prevent chmod u+s












0















I follow a tutorial to secure my /etc/fstab file. This is a certain part about /var and /tmp:

UUID=XXXX-XXXX-XXXX /var ext4 defaults,nodev,nosuid,noexec 1 2
UUID=ZZZZ-ZZZZ-ZZZZ /tmp ext4 defaults,nodev,nosuid,noexec 1 2

I executed the following commands to test the configuration:

touch /tmp/testFile
chmod u+s /tmp/testFile

I was expecting an error message but nothing... Is it normal? Is it dangerous?










partition fstab chmod automounting
















asked Jan 8 at 14:46









Anonyme

Did you check with ls /tmp/testFile if you have SUID on file?

– Romeo Ninov
Jan 8 at 14:48















1 Answer


















1














nosuid doesn’t prevent setting the bits; it means that they don’t have any effect. (That way, previously-set bits are also rendered ineffective.)



Setting the bits is only dangerous if the file system is later mounted without nosuid; but if anyone has sufficient access to set those bits on your file system, you’ve lost anyway.






edited Jan 8 at 14:54

answered Jan 8 at 14:48

Stephen Kitt
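A way to check what the answer describes, as an added example that is not part of the original answer: the file's mode says whether the set-uid bit is stored, and the options of the mount holding the file say whether it is honoured. The function names, the state labels and the sample mount table are assumptions constructed for this illustration.

```shell
#!/usr/bin/env bash
# Added example: is a set-uid bit on FILE honoured, or neutralised by nosuid?

# Constructed sample in /proc/self/mounts column order:
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /var ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0'

# mount_opts PATH [TABLE]: print the options of the mount that holds PATH
# (longest matching mount point; a later entry shadows an earlier one).
# PATH must be absolute with symlinks resolved. TABLE defaults to the live one.
mount_opts() {
    local path="$1" table="${2-$(cat /proc/self/mounts)}"
    local dev mp fs opts rest best='' best_opts=''
    while read -r dev mp fs opts rest; do
        case "$path/" in
            "${mp%/}/"*)
                if [ "${#mp}" -ge "${#best}" ]; then
                    best="$mp"; best_opts="$opts"
                fi ;;
        esac
    done <<EOF
$table
EOF
    printf '%s\n' "$best_opts"
}

# has_opt OPTS NAME: succeed if NAME is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# suid_state FILE [TABLE]: print none, inert or effective.
suid_state() {
    local file="$1" opts
    [ -u "$file" ] || { echo none; return 0; }
    if [ $# -ge 2 ]; then opts=$(mount_opts "$file" "$2")
    else opts=$(mount_opts "$file"); fi
    if has_opt "$opts" nosuid; then echo inert; else echo effective; fi
}

# The asker's test file sits on the nosuid /tmp entry of the sample table.
mount_opts /tmp/testFile "$SAMPLE_MOUNTS"
```

Omit the second argument to read the live mount table; options edited in /etc/fstab only apply once the file system is mounted or remounted with them.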
