Solaris Troubleshooting NFS : error “setuid execution not allowed”

To prevent network break-ins, the “-nosuid” option is used in  “/etc/vfstab” and the “/etc/auto*” configuration files  used for NFS mounting filesystems.
In “/var/adm/messages”, (the system log files),  the following type of message appears frequently:

“Date machinename enterprise: save,uid 0:setuid execution not allowed”


Below steps to investigate the cause of the error message:

1.   Create a script file “myscript”. Make sure you set the setuid bit, “s”,  for permissions on the user triplet:

For example:  –rwsr–r–

2.  Invoke either a Bourne or CShell as the first line of script:

Example:

#!/bin/csh -f

OR

#!/bin/sh -p

3.    Add an echo statement or two. For example:

echo “Hello World”

echo “I am leaving this Script”

4.  “cd” to one of the NFS-mounted directories which are mounted with the “nosuid” option.

5.   execute the script For example:

#./myscript

If the script fails with the “setuid execution not allowed” error, this means some process is running or someone is trying to run “setuid” programs from within these NFS-mounted directories. Determine which user(s) is/are involved and take measures to prevent them from trying to run “setuid” executables, or do not use the “nosuid” option.

Ramdev

Ramdev

I have started unixadminschool.com ( aka gurkulindia.com) in 2009 as my own personal reference blog, and later sometime i have realized that my leanings might be helpful for other unixadmins if I manage my knowledge-base in more user friendly format. And the result is today's' unixadminschool.com. You can connect me at - https://www.linkedin.com/in/unixadminschool/

1 Response

  1. September 18, 2015

    […] Read – error “setuid execution not allowed” […]

What is in your mind, about this post ? Leave a Reply

Close
  Our next learning article is ready, subscribe it in your email

What is your Learning Goal for Next Six Months ? Talk to us