How to Apply Security Restrictions (System Administration Guide, Volume 3)

System Administration Guide, Volume 3

How to Apply Security Restrictions

Become superuser.

Create the following entry in the name service auto_master file, either NIS or NIS+:
/home auto_home -nosuid
The nosuid option prevents users from creating files with the setuid or setgid bit set.

This entry overrides the entry for /home in a generic local /etc/auto_master file (see the previous example) because the +auto_master reference to the external name service map occurs before the /home entry in the file. If the entries in the auto_home map include mount options, the nosuid option is overwritten, so either no options should be used in the auto_home map or the nosuid option must be included with each entry.

Note -
Do not mount the home directory disk partitions on or under /home on the server.

© 2010, Oracle Corporation and/or its affiliates