SECMODEL_SUSER(9) NetBSD Kernel Developer's Manual SECMODEL_SUSER(9)

NAME

secmodel_suser - super-user security model

DESCRIPTION

secmodel_suser implements the traditional super-user (root) as the user with effective user-id 0. The super-user is the host administrator, considered to have higher privileges than other users.

The following sysctl(3) variables are exported:

security.models.suser.curtain
If non-zero, returned objects are filtered according to the user-id requesting information about them, preventing users from accessing objects they don't own.

At the moment, it affects ps(1), netstat(1) (for PF_INET, PF_INET6, and PF_UNIX PCBs), and w(1).

security.models.suser.usermount
Allow non-superuser mounts.

If non-zero, file-systems are allowed to be mounted by an ordinary user who owns the point node and has at least read access to the special device, as given in the mount(8) arguments. In addition, the flags nosuid and nodev must be given for non-superuser mounts.
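
The three conditions above can be checked from user space before mount(8) is invoked. The following is an added example, not NetBSD code: the function names and return codes are hypothetical, and the kernel's own decision remains authoritative.

```shell
#!/bin/sh
# Added example (not NetBSD source): user-space pre-check of the conditions
# this page lists for a non-superuser mount. Function names and return
# codes are hypothetical; the kernel remains the authority.

# has_opt OPTS NAME: succeed if NAME is an exact token in comma-separated OPTS.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# usermount_precheck SPECIAL NODE OPTS
# Returns: 0 all conditions met, 1 usage error, 2 node not owned by caller,
#          3 special not readable, 4 nosuid or nodev missing.
usermount_precheck() {
    [ $# -eq 3 ] || return 1
    special=$1
    node=$2
    opts=$3

    # Condition 1: the caller owns the mount point node.
    [ -d "$node" ] || return 2
    owner=$(ls -ldn "$node" | awk '{print $3}')
    [ "$owner" = "$(id -u)" ] || return 2

    # Condition 2: at least read access to the special device.
    [ -r "$special" ] || return 3

    # Condition 3: both nosuid and nodev must be given. Matching is on whole
    # tokens, so a different option that merely starts with "nodev" fails.
    has_opt "$opts" nosuid || return 4
    has_opt "$opts" nodev  || return 4
    return 0
}
```

A return of 0 only means the documented preconditions hold; the mount is still refused unless security.models.suser.usermount is non-zero.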

SEE ALSO

kauth(9), secmodel(9), secmodel_bsd44(9)

AUTHORS

Elad Efrat <elad@NetBSD.org>
October 2, 2009 NetBSD 5.99