[CentOS] Tmp directory and sticky

Bob Hoffman bob at bobhoffman.com
Mon Sep 15 20:41:42 UTC 2008

> Then there must be something wrong with your install, because 
> all stock installs of CentOS I have done so far will create 
> /tmp as sticky directory.
> 
> > B- still executable
> 
> You mean permissions? chmod +x? Because it is supposed to 
> have executable permissions.


Perhaps my winscp undid the sticky. Even now when I view permissions with
winscp the sticky is blank. If I check the box and change it, then go to the
shell and pull up permissions, sticky is gone. So perhaps my winscp is
configured wrong or just does not work with the extra chmods of sticky and
perhaps suid and such.

Executable meaning noexec and all that. I added the line in my /etc/fstab and
I would assume it is fine. But it was not installed that way.

/dev/VolGroup00/LogVol00 /tmp ext3 loop,noexec,nosuid,rw 0 0

Of course it is on a separate partition. I want to make the server secure as
I can on that part. Keeping people from executing stuff and overloading temp
is a prime concern.


> logvol /tmp --vgname=raidvol --name=tmp --size=4096 
> --fstype=ext3 --fsoptions="nodev,nosuid,noexec"
> 
> I'm still concerned with the fact that you said on your 
> install it was not sticky, because on all my installs, even 
> if I create /tmp as a different filesystem with fsoptions, it 
> is created as a sticky directory. Could you re-check that please?
> 

I wish there was a way to recheck without a fresh install. Perhaps because I
mounted it on a new partition, or perhaps I did it playing with permissions.
Heck, I am concerned that the tmp directory is executable: 1777 without the
noexec and such. That is something most new users would not know about. I
think that is a very important security step to button the server up... As
far as I know.

I will be doing a fresh install in a few months when I can afford a new
computer, to build a detailed how-to, and will post whether it was sticky or
not.
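The two things argued about in this thread (whether /tmp carries the sticky bit, and whether the fstab entry mounts it with the nodev/nosuid/noexec options the quoted kickstart line uses) can both be checked from the shell instead of from winscp. The script below is an added example and is not from the original thread or from the CentOS project; the sample fstab line is the one posted above, embedded as constructed input, and the function and variable names (has_sticky, fstab_has_option, missing_tmp_options, live_check, SAMPLE_FSTAB) are my own. The mode parsing follows the 4-digit octal form printed by `stat -c %a`.

```shell
#!/bin/sh
# Added example (not from the original thread): check that a directory
# carries the sticky bit (mode 1777) and that its fstab entry mounts it
# with nodev, nosuid and noexec. The helpers take their input as
# arguments so they work on constructed sample data as well as a live host.

# has_sticky MODE -> exit 0 if the octal mode printed by `stat -c %a`
# has the sticky bit set (leading special-bits digit 1, 3, 5 or 7).
has_sticky() {
    mode="$1"
    # stat prints only 3 digits when no special bits are set (e.g. 755)
    [ "${#mode}" -eq 4 ] || return 1
    case "${mode%???}" in
        1|3|5|7) return 0 ;;
        *) return 1 ;;
    esac
}

# fstab_has_option FSTAB_LINE OPTION -> exit 0 if the 4th field of the
# fstab line contains OPTION as a whole comma-separated word.
fstab_has_option() {
    line="$1"
    opt="$2"
    opts=$(printf '%s\n' "$line" | awk '{print $4}')
    case ",$opts," in
        *",$opt,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# missing_tmp_options FSTAB_LINE -> prints the hardening options
# (nodev, nosuid, noexec) that the line does NOT set, space separated.
missing_tmp_options() {
    line="$1"
    missing=""
    for o in nodev nosuid noexec; do
        fstab_has_option "$line" "$o" || missing="$missing $o"
    done
    printf '%s\n' "${missing# }"
}

# Constructed sample: the /etc/fstab line quoted in the thread.
# Note that it sets noexec and nosuid but not nodev.
SAMPLE_FSTAB='/dev/VolGroup00/LogVol00 /tmp ext3 loop,noexec,nosuid,rw 0 0'

# live_check [DIR] -> report sticky bit and the options the running
# kernel actually mounted DIR with (from /proc/mounts, not from fstab).
live_check() {
    dir="${1:-/tmp}"
    mode=$(stat -c '%a' "$dir")
    if has_sticky "$mode"; then
        echo "$dir: mode $mode, sticky bit set"
    else
        echo "$dir: mode $mode, sticky bit MISSING (fix: chmod 1777 $dir)"
    fi
    mntopts=$(awk -v d="$dir" '$2 == d {print $4}' /proc/mounts)
    echo "$dir mount options: ${mntopts:-<not a separate mount>}"
}

# Run the checks on the sample line and on the live /tmp when executed directly.
echo "sample fstab line is missing: $(missing_tmp_options "$SAMPLE_FSTAB")"
live_check /tmp
```

Reading the mount options from /proc/mounts rather than /etc/fstab matters here: an fstab edit takes effect only after a remount, so a line that looks right can still leave /tmp mounted executable until `mount -o remount /tmp` (or a reboot). Likewise, `stat -c %a` reports the mode the kernel sees, which settles the question of whether a client such as winscp silently cleared the sticky bit.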


