what is nosuid, noexec & nodevel??

coolblue · 03-14-2005, 06:20 AM

What is the meaning of:

nosuid, noexec, nodevel (and other stuff like that)???

Why are the above implemented and HOW can they be implemented??

Thanks
CoolBlue

harken · 03-14-2005, 06:43 AM

From "mount"'s man pages:

Quote:

NAME
mount - mount a file system
....................................................
-o Options are specified with a -o flag followed by a comma sepa-
rated string of options. Some of these options are only useful
when they appear in the /etc/fstab file. The following options
apply to any file system that is being mounted (but not every
file system actually honors them - e.g., the sync option today
has effect only for ext2, ext3 and ufs):
...................................................................
nodev Do not interpret character or block special devices on
the file system.

noexec Do not allow execution of any binaries on the mounted
file system. This option might be useful for a server
that has file systems containing binaries for architec-
tures other than its own.

nosuid Do not allow set-user-identifier or set-group-identifier
bits to take effect. (This seems safe, but is in fact
rather unsafe if you have suidperl(1) installed.)

If you ment something else please let me know.

coolblue · 03-14-2005, 09:07 AM

Dear Sir
Thanks a lot...but
I hardly understood what u said

Could u explain in pure-newbie terms??
Why are these used? For faster bootup??

Thanks a lot.

Take care
Coolblue

harken · 03-14-2005, 10:58 AM

Ok, first I'll quote again from man mount:

Quote:

All files accessible in a Unix system are arranged in one big tree, the
file hierarchy, rooted at /. These files can be spread out over sev-
eral devices. The mount command serves to attach the file system found
on some device to the big file tree. Conversely, the umount(8) command
will detach it again.

The standard form of the mount command, is
mount -t type device dir
This tells the kernel to attach the file system found on device (which
is of type type) at the directory dir. The previous contents (if any)
and owner and mode of dir become invisible, and as long as this file
system remains mounted, the pathname dir refers to the root of the file
system on device.

In newb terms: your harddisk(s) partition(s) have to respect some "rules" in order to be able to read/write from/to them. These rules are making together what is called a filesystem (i.e. WinXP uses the NTFileSystem=NTFS, Linux uses the ext2, ext3, reiserfs, etc. filesystems, other OSs use their filesystems as well, the CDs use the ISO9660/UDF filesystem, etc.).
The final goal of these filesystems is to organize the data on harddisks (as well as other storage media) in what you know as files and directories (folders) and make them available to you.
Now, to be able to actually "see" and use the files/folders on the storage media you must mount them, that is to tell the OS to "link" these medias to itself (the man page is quite descriptive).

And back to what you asked in your first post, the nosuid, noexec and others are options which you can pass to the mount command (which performs the actual mounting). For example, if you mount a drive with the noexec option you still can read a document, watch a movie, etc. but you will not be able to run any program (executable) that resides on it.
And no, these options don't affect the bootup speed.

I suggest you do some reading on filesystems in Linux as it's an quite extensive topic and you can start here: http://www.linux.org/lessons/beginner/l4/lesson4b.html and you could read the whole course: http://www.linux.org/lessons/beginner/toc.html as well.
Here are some more links:
http://www.tldp.org/LDP/intro-linux/html/index.html
http://www.tldp.org/HOWTO/Filesystems-HOWTO.html
http://www.tldp.org/HOWTO/HOWTO-INDEX/categories.html

Have a nice reading!