When LIDS is active, my file systems won unmount during shutdown. What do I do?
This happens when you have disabled the CAP_SYS_ADMIN capability globally and have not given the proper authority to unmount your file systems to your shutdown script(s). For example, on Red Hat 6.2, the /etc/rc.d/init.d/halt script unmounts your file systems. You must give it the CAP_SYS_ADMIN capability so it can unmount your file systems: bash# lidsconf -A -s /etc/rc.d/init.d/halt -o CAP_SYS_ADMIN -i 1 -j GRANT The target “GRANT” tells LIDS to grant the subject (/etc/rc.d/init.d/halt in this case) the CAP_SYS_ADMIN capability. The “-i 1” option sets the “inheritance level” of the ACL to 1. Beware that this also allows anyone who can execute your /etc/rc.d/init.d/halt script to unmount your file systems. If you have physical access to your box, you may just want to turn off LIDS_GLOBAL before shutting down your system rather than grant capabilities to your shutdown scripts. However, if you have a UPS that can shutdown your system in case of power failure, you may not be around to dis
