The mount(1M) command can be used with the -o option followed by one of four protection options. The options are also valid in the vfstab(4) file. Some options can be used to protect the data on the file system being mounted, while others prevent a Trojan Horse attack initiated from the mounted file system. The mount restrictions shown in the following table are supported on all file system types. The Default Values column shows the values used when no option is specified.
Table 9-5 Mount Restrictions, Default Values

Description | Default Value | Alternate Value |
---|---|---|
Disallow write operations | rw | ro |
Ignore set user id bits on executables | suid | nosuid |
Ignore forced privilege sets on executables | priv | nopriv |
Disallow opens on device special files, preventing the use of devices from non-standard directory locations | devices | nodevices |

The ro and suid options to disallow writes and ignore set user ID bits are available in the Solaris version of the mount command.
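
As an added example (not part of the original manual), the following shell script reads vfstab(4)-format lines and lists each mount point that leaves suid, priv or devices at its default from Table 9-5, together with the effective setting of all four options. The device names and mount points in the sample are constructed, and checking those three options is this example's own policy assumption.

```shell
#!/bin/sh
# Added example: audit vfstab entries against the options in Table 9-5.

# effective_opts OPTSTRING
# Prints the effective value of each option pair as "rw,suid,priv,devices",
# starting from the defaults and applying the comma-separated options in order.
effective_opts() {
    printf '%s\n' "$1" | awk -F, '
    BEGIN { w = "rw"; s = "suid"; p = "priv"; d = "devices" }
    {
        for (i = 1; i <= NF; i++) {
            if ($i == "rw" || $i == "ro") w = $i
            else if ($i == "suid" || $i == "nosuid") s = $i
            else if ($i == "priv" || $i == "nopriv") p = $i
            else if ($i == "devices" || $i == "nodevices") d = $i
        }
        print w "," s "," p "," d
    }'
}

# audit_vfstab: reads vfstab lines on stdin (seven whitespace-separated
# fields, mount options last) and prints "<mount point> <effective options>"
# for every entry that does not set nosuid, nopriv and nodevices together.
audit_vfstab() {
    while read -r dev fsckdev mnt fstype pass boot opts; do
        case "$dev" in ''|'#'*) continue ;; esac     # blank line or comment
        if [ "$mnt" = "-" ]; then continue; fi       # swap: no mount point
        eff=$(effective_opts "$opts")
        case "$eff" in
            *,nosuid,nopriv,nodevices) ;;            # fully restricted
            *) printf '%s %s\n' "$mnt" "$eff" ;;
        esac
    done
}

# Constructed sample input; devices and mount points are placeholders.
sample_vfstab() {
    cat <<'EOF'
#device            device              mount        FS   fsck mount   mount
#to mount          to fsck             point        type pass at boot options
/dev/dsk/c0t0d0s1  -                   -            swap -    no      -
/dev/dsk/c0t0d0s7  /dev/rdsk/c0t0d0s7  /export/home ufs  2    yes     nosuid,nopriv,nodevices
/dev/dsk/c0t1d0s0  /dev/rdsk/c0t1d0s0  /data        ufs  2    yes     ro,nosuid
/dev/dsk/c0t1d0s1  /dev/rdsk/c0t1d0s1  /scratch     ufs  2    yes     -
EOF
}

sample_vfstab | audit_vfstab
```

To check a real system, feed the file itself to the function: `audit_vfstab < /etc/vfstab`.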