Preventing SUID and SGID usage on a partition

As we mentioned previously, you don't want users to assign SUID and SGID to files that they create, because of the security risk that it presents. You can prevent SUID and SGID usage on a partition by mounting it with the nosuid option. So, the /etc/fstab file entry for the LUKS partition that I created in the previous chapter would look like this:

/dev/mapper/luks-6cbdce17-48d4-41a1-8f8e-793c0fa7c389 /secrets   xfs  nosuid  0 0

Different Linux distributions have different ways of setting up default partition schemes during an operating system's installation. In most cases, the default is to have all the directories, except for the /boot directory, under the / partition. If you were to set up a custom partition scheme instead, you could have the /home directory in its own partition, where you could set the nosuid option. Keep in mind that you don't want to set nosuid for the / partition; otherwise, you'll have an operating system that doesn't function properly.
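
To review which partitions in an fstab-format file lack nosuid, the following added example (not code from the book) parses the options field and lists the mount points to look at, leaving out / as advised above. The function names and the sample entries other than the /secrets line are constructed for illustration.

```shell
#!/bin/sh
# List mount points in an fstab-format file that are NOT mounted with nosuid.
# Skips comments, blank or short lines, swap entries, and / (which must keep
# SUID working for the operating system to function).
missing_nosuid() {
    awk '
        $1 ~ /^#/ { next }                       # comment line
        NF < 4    { next }                       # blank or malformed line
        $2 == "/" || $2 == "none" || $3 == "swap" { next }
        {
            # Split the comma-separated options and match "nosuid" exactly,
            # so a substring inside another option is never counted.
            n = split($4, opts, ",")
            found = 0
            for (i = 1; i <= n; i++) if (opts[i] == "nosuid") found = 1
            if (!found) print $2
        }
    ' "$1"
}

# Constructed sample fstab. Device names are placeholders, except the
# /secrets entry, which is the one shown above.
sample_fstab() {
    cat <<'EOF'
# constructed sample for illustration
/dev/mapper/vg-root   /        xfs   defaults         0 0
/dev/sda1             /boot    xfs   defaults         0 0
/dev/mapper/vg-home   /home    xfs   defaults         0 0
/dev/mapper/luks-6cbdce17-48d4-41a1-8f8e-793c0fa7c389 /secrets   xfs  nosuid  0 0
/dev/mapper/vg-swap   none     swap  defaults         0 0
EOF
}

tmp=$(mktemp)
sample_fstab > "$tmp"
missing_nosuid "$tmp"      # lists the mount points still lacking nosuid
rm -f "$tmp"
```

Because /proc/mounts uses the same column layout, running missing_nosuid /proc/mounts shows what is actually in effect on the running system rather than what fstab requests.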
