Solved Doubts about ZFS dataset properties setuid and exec.

Hi all, I'm a newbie looking for an answer I've not found:
I'm trying to block executable files from running in a ZFS dataset, so I set setuid=off and exec=off in a data ZFS dataset:

Code:
root@LUNA:/opt/test # zfs get setuid,exec DEPO_LUNA/data/test
NAME                 PROPERTY  VALUE   SOURCE
DEPO_LUNA/data/test  setuid    off     inherited from DEPO_LUNA/data
DEPO_LUNA/data/test  exec      off     inherited from DEPO_LUNA/data

But when I execute a simple 'program' script:

Code:
root@LUNA:/opt/test # ls
program
root@LUNA:/opt/test # csh program
hello world

It runs OK; maybe I don't understand the real meaning of setuid/exec.

Thank you for any help, or for telling me where I can find info.
 
The executable you run is csh, not that script called "program", that's just data for the shell.

What probably won't work is adding a shebang (#!/usr/bin/csh), setting permissions to executable and starting the script directly.

That said, don't script with csh, always use a POSIX/Bourne shell for that.
 
You didn't execute a script there, you started csh and then told that process to handle the script for you. Try executing the script instead: ./program and you'll see soon enough.
 
That's true:

Code:
root@LUNA:/opt/test # ./program
./program: Permission denied.

Thank you very much; that solved my newbie questions.
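
Added example, not part of the thread: a small audit that lists every dataset where exec or setuid is not off, reading the tab-separated output of `zfs get -H -r -o name,property,value,source exec,setuid <pool>`. The sample input is constructed; `DEPO_LUNA/scratch` is a made-up dataset, and the function names are hypothetical.

```shell
#!/bin/sh
# Flag datasets whose exec or setuid property is not "off".
# Input: tab-separated name, property, value, source (zfs get -H format).
# Note: exec=off only blocks direct execution (./program); an interpreter
# that lives on another dataset can still read a script as data, as shown
# in the thread with "csh program".

audit_zfs_exec() {
    awk -F '\t' '
        # Ignore any property other than the two being audited.
        $2 != "exec" && $2 != "setuid" { next }
        # Report dataset, offending setting and where the value comes from.
        $3 != "off" {
            printf "%s\t%s=%s\t%s\n", $1, $2, $3, $4
            bad++
        }
        # Exit status 1 when at least one dataset was flagged.
        END { exit (bad > 0) }
    '
}

# Constructed sample in "zfs get -H" layout, so the audit runs offline.
sample_zfs_get() {
    printf 'DEPO_LUNA/data\texec\toff\tlocal\n'
    printf 'DEPO_LUNA/data\tsetuid\toff\tlocal\n'
    printf 'DEPO_LUNA/data/test\texec\toff\tinherited from DEPO_LUNA/data\n'
    printf 'DEPO_LUNA/data/test\tsetuid\toff\tinherited from DEPO_LUNA/data\n'
    printf 'DEPO_LUNA/scratch\texec\ton\tdefault\n'
    printf 'DEPO_LUNA/scratch\tsetuid\toff\tlocal\n'
}

# Stand-alone run on the sample. On a live system, replace sample_zfs_get
# with: zfs get -H -r -o name,property,value,source exec,setuid DEPO_LUNA
sample_zfs_get | audit_zfs_exec || echo "datasets listed above still allow exec or setuid"
```

The source column shows whether a weak value is set locally or inherited, which tells you which parent dataset to fix.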
 