On 2018/09/21 07:22, Ken M wrote:
> On Fri, Sep 21, 2018 at 11:07:55AM +0000, Stuart Henderson wrote:
> >
> > Given the permissions you showed, the most likely reason would be if
> > /usr/local is mounted with the "nosuid" flag.
> >
>
> That was the issue, fixed that and locking works perfectly, thank you.
>
> If I may, a quick side question since this stems from my repartitioning of my
> /usr mount points.
>
> I have /usr /usr/local and /usr/ports as separate mount points. local now does
> not have nosuid, should /usr or /usr/ports have or not have that? Right now /usr
> does not but /usr/ports does. To my mind that seems right, but well, as already
> proven in this thread my mind was incorrect on that.
>
> Ken

/, /usr, and /usr/X11R6 definitely contain programs that need setuid, and
/usr/local is likely to in many cases. Other partitions generally don't, so
you can mount them with "nosuid".

While on the subject of mount options, most things can be "nodev" (exceptions
being / and maybe mounts holding chroot jails, for example the mount containing
/var/www).

I used to like "noexec" for /tmp, but then I spent too long chasing ports
regression test failures due to having this restriction, so I got rid of it ..
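
The nosuid/nodev advice in this reply, as an added example that is not part of the original message: a small Python audit of fstab entries. The sample fstab, its device names, and the choice of /var as the mount holding a chroot jail are constructed assumptions.

```python
# Mount points named in the reply; CHROOT_MOUNTS is an assumption for this sample.
NEEDS_SUID = {"/", "/usr", "/usr/X11R6"}  # definitely contain setuid programs
LIKELY_SUID = {"/usr/local"}              # likely to contain them in many cases
NEEDS_DEV = {"/"}                         # exception to "most things can be nodev"
CHROOT_MOUNTS = {"/var"}                  # assumed to hold a chroot jail (/var/www)

# Constructed sample; device names are placeholders.
SAMPLE_FSTAB = """\
sd0a /           ffs  rw               1 1
sd0b none        swap sw
sd0d /tmp        ffs  rw,nodev,nosuid  1 2
sd0e /usr        ffs  rw,nodev         1 2
sd0f /usr/X11R6  ffs  rw,nodev,nosuid  1 2
sd0g /usr/local  ffs  rw,nodev,nosuid  1 2
sd0h /usr/ports  ffs  rw,nodev,nosuid  1 2
sd0i /var        ffs  rw,nodev,nosuid  1 2
sd0j /home       ffs  rw               1 2
"""

def parse_fstab(text):
    """Yield (mount_point, options) for every non-swap fstab entry."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) >= 4 and fields[2] != "swap":
            yield fields[1], set(fields[3].split(","))

def audit(text):
    """Return (mount_point, option, advice) where an entry departs from the advice."""
    findings = []
    for mnt, opts in parse_fstab(text):
        if "nosuid" in opts:
            if mnt in NEEDS_SUID:
                findings.append((mnt, "nosuid", "remove"))  # breaks setuid programs
            elif mnt in LIKELY_SUID:
                findings.append((mnt, "nosuid", "review"))  # packages may need setuid
        elif mnt not in NEEDS_SUID | LIKELY_SUID:
            findings.append((mnt, "nosuid", "add"))
        if "nodev" in opts:
            if mnt in NEEDS_DEV:
                findings.append((mnt, "nodev", "remove"))
            elif mnt in CHROOT_MOUNTS:
                findings.append((mnt, "nodev", "review"))   # jail may need device nodes
        elif mnt not in NEEDS_DEV | CHROOT_MOUNTS:
            findings.append((mnt, "nodev", "add"))
    return findings

if __name__ == "__main__":
    for mnt, opt, advice in audit(SAMPLE_FSTAB):
        print(f"{mnt}: {advice} {opt}")
```

The /usr/local entry in the sample reproduces the situation from earlier in the thread, where nosuid on that mount stopped locking from working.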