Yungwei Chen wrote:
Hi, I am trying to secure my CentOS file systems by introducing "nodev" to devies defined in /etc/fstab. I learned that "nodev" prevents users from mounting unauthorized devices. However, I can still mount a cdrom to /tmp/cdrom with the following defined in /etc/fstab. Am I missing something?
yes, nodev prevents character and block devices from being interpreted (man mknod) on the file system, rather than preventing someone from mounting a file system on that file system.
nate