Mounting home directories with the nosuid option
To increase security when file systems are mounted automatically, you might want to configure the auto_home or auto.home NIS map to prevent users from switching their user or group identity. Specifying the nosuid option prevents users from mounting file systems with a different user context: on a file system mounted with nosuid, the set-user-ID and set-group-ID bits on files are ignored.
To set the nosuid option in the auto_home or auto.home NIS map:
- Open Access Manager to import or create a NIS map to be stored in Active Directory.
- Expand the appropriate zone and the UNIX Data node to display NIS Maps.
- Select NIS Maps, right-click, then click New > Automount.
- Type auto.home or auto_home as the map name, then click OK.
- Select the new map, right-click, then click New > Map entry to add a new individual map record.
- Set the fields in the map record similar to this to enable mounting of home directories with the nosuid option for all users in a zone:
  Name: *
  Network Path: homeservername:/home/&
  Options: -nosuid

You can use a similar approach to specify other or additional mount options, such as noexec and nodev, for the map entry.
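After the map entry is published, it is worth confirming on a client that the automounted home directories actually carry the option. The following check is an added example, not part of the product documentation. It assumes that home directories are NFS mounts under /home and that the mount table is in Linux /proc/mounts format. The function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit mounted home directories for required mount options.

# Constructed sample in /proc/mounts format:
#   device mountpoint fstype options dump pass
sample_mounts() {
cat <<'EOF'
homeservername:/home/alice /home/alice nfs rw,nosuid,relatime,vers=3 0 0
homeservername:/home/bob /home/bob nfs rw,relatime,vers=3 0 0
/dev/sda1 / ext4 rw,relatime 0 0
homeservername:/home/carol /home/carol nfs4 rw,nosuid,nodev,noexec 0 0
EOF
}

# check_home_mounts PREFIX REQUIRED_OPTS  (mount table on stdin)
# Prints "<mountpoint> missing=<opt,...>" for every NFS mount below PREFIX
# whose option list lacks one or more of the comma-separated REQUIRED_OPTS.
check_home_mounts() {
    awk -v prefix="$1" -v req="$2" '
    BEGIN { n = split(req, want, ",") }
    $3 ~ /^nfs4?$/ && index($2, prefix "/") == 1 {
        split("", have)                      # reset the per-line option set
        m = split($4, opts, ",")
        for (i = 1; i <= m; i++) have[opts[i]] = 1
        missing = ""
        for (i = 1; i <= n; i++)
            if (!(want[i] in have))
                missing = missing (missing == "" ? "" : ",") want[i]
        if (missing != "") print $2 " missing=" missing
    }'
}

# Demo on the constructed sample; on a live Linux host read /proc/mounts instead.
sample_mounts | check_home_mounts /home nosuid
```

On a client, run `check_home_mounts /home nosuid,nodev,noexec < /proc/mounts` after a user's home directory has been mounted. Any output line identifies a mount that did not pick up the options set in the map entry.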