Creating and Using Oracle® Solaris Zones

Updated: May 2015

The -o nosuid Option

The -o nosuid option to the mount utility has the following functionality:

  • Processes from a setuid binary located on a file system that is mounted using the nosetuid option do not run with the privileges of the setuid binary. The processes run with the privileges of the user that executes the binary.

    For example, if a user executes a setuid binary that is owned by root, the processes run with the privileges of the user.

  • Opening device-special entries in the file system is not allowed. This behavior is equivalent to specifying the nodevices option.

This file system-specific option is available to all Oracle Solaris file systems that can be mounted with mount utilities, as described in the mount(1M) man page. In this guide, these file systems are listed in Mounting File Systems in Zones. Mounting capabilities are also described. For more information about the -o nosuid option, see Chapter 7, Accessing Network File Systems, in Managing Network File Systems in Oracle Solaris 11.2.
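
The following audit sketch is an added example, not part of the Oracle guide. It classifies mounts by whether setuid execution and device-special access are both blocked, treating nosuid as covering both restrictions as described above. It assumes the tab-separated field order of mnttab(4) (special, mount point, file system type, options, time); the function names are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# classify_mounts: read mnttab-format lines on stdin and print
# "<mount_point> <status>" for each mount, where status is:
#   restricted      setuid execution and device access are both blocked
#   nosetuid-only   setuid execution blocked, device entries still usable
#   nodevices-only  device entries blocked, setuid binaries still honored
#   unrestricted    neither restriction is in effect
classify_mounts() {
    awk -F'\t' '
    NF >= 4 {
        nosetuid = 0; nodev = 0
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            # Exact match per option, so "setuid" is never read as "nosetuid".
            if (opt[i] == "nosuid")    { nosetuid = 1; nodev = 1 }
            if (opt[i] == "nosetuid")  nosetuid = 1
            if (opt[i] == "nodevices") nodev = 1
        }
        if (nosetuid && nodev) s = "restricted"
        else if (nosetuid)     s = "nosetuid-only"
        else if (nodev)        s = "nodevices-only"
        else                   s = "unrestricted"
        print $2, s
    }'
}

# Constructed sample input in mnttab(4) layout (not taken from a real system).
sample_mnttab() {
    printf '%s\t%s\t%s\t%s\t%s\n' \
        rpool/export/home /export/home zfs   rw,devices,setuid,xattr 1430000000 \
        server:/share     /mnt/nfs     nfs   rw,nosuid,xattr         1430000001 \
        /dev/dsk/c0t1d0s0 /mnt/data    ufs   rw,nosetuid             1430000002 \
        swap              /tmp         tmpfs rw,nosetuid,nodevices   1430000003
}

# Report only the mounts that are not fully restricted.
audit_sample() {
    sample_mnttab | classify_mounts | awk '$2 != "restricted"'
}

audit_sample
```

On a live system, the same function can be fed the mount table directly, for example `classify_mounts < /etc/mnttab`.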