secmodel_suser implements the traditional
super-user (root) as the user with effective user-id 0. The
super-user is the host administrator, considered to have higher privileges than other users.
The following
sysctl(3) variables are exported:
security.models.suser.curtain
If non-zero, will filter returned objects according to the user-id requesting information about them, preventing from users any access to objects they don't own.
At the moment, it affects
ps(1),
netstat(1) (for
PF_INET,
PF_INET6, and
PF_UNIX PCBs), and
w(1).
security.models.suser.usermount
Allow non-superuser mounts.
If non-zero, file-systems are allowed to be mounted by an ordinary user who owns the point
node and has at least read access to the
special device
mount(8) arguments. Finally, the flags
nosuid and
nodev must be given for non-superuser mounts.