search

EESSI / filesystem-layer

Filesystem layer of the EESSI project
https://eessi.github.io/docs/filesystem_layer
GNU General Public License v2.0
7 stars 16 forks source link

setuid binaries in cvmfs #55

Open pescobar opened 3 years ago

pescobar commented 3 years ago

Hi,

I am opening this issue as requested by @boegel just to keep track of this doubt for others and maybe for the EESSI docs.

I was not sure how setuid binaries are handled by cvmfs and checking the cvmfs docs I found this:

CVMFS_SUID If set to yes, enable suid magic on the mounted repository. Requires mounting as root.

According to official docs setuid binaries in cvmfs are disabled by default. To enable setuid you need to use CVMFS_SUID=yes and mount the cvmfs file system as root

boegel commented 3 years ago

This question may come back, so it makes sense to have this on record.

I couldn't find something with quick search with "setuid", but searching with "suid" is better.

@jblomer: Maybe it's worth adding a section on this at https://cvmfs.readthedocs.io/en/stable/apx-security.html ?