Hello,
I am fixing up a system for someone and they did not make a separate partition for /tmp...but I want to make it noexec, nosuid.
I came across a site that said I could skip all the mount/unmount and new partition stuff (which would probably include downsizing a lvm to make room for it)... by adding this in fstab
/tmp /tmp bind nosuid,noexec,bind 0 0
and then reboot... There is no /tmp in their fstab at the moment and I am afraid to test this.... Is this a correct workaround to mount that folder as noexec? OR was this site wrong?
Hi,
On Thursday, June 7, 2012 at 2:09 PM, Bob Hoffman wrote:
> Hello,
> I am fixing up a system for someone and they did not make a separate partition for /tmp...but I want to make it noexec, nosuid.
> I came across a site that said I could skip all the mount/unmount and new partition stuff (which would probably include downsizing a lvm to make room for it)... by adding this in fstab
> /tmp /tmp bind nosuid,noexec,bind 0 0
> and then reboot... There is no /tmp in their fstab at the moment and I am afraid to test this.... Is this a correct workaround to mount that folder as noexec? OR was this site wrong?
That should work.
But maybe it’s better to create a test machine/VM and try it there.
Or, don’t edit your fstab (yet). Just do it live and see if it worked:
# mount --bind /tmp /tmp
# mount -o remount,nosuid,noexec /tmp
That way, you know it’ll be back to the old settings when you reboot.
HTH,
--
- Edo -
mailto:ml2edwin@gmail.com
“May a stranger, and not your own mouth, praise you;
may a foreigner, and not your own lips, do so.”—Pro. 27:2
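To confirm that the bind mount and remount discussed in this thread actually left /tmp with both flags, the mount table can be checked rather than trusted. The following is an added example, not part of the original messages: `check_mount_flags` is a hypothetical helper that reads /proc/mounts-format text, and the sample lines (including the device name) are constructed. It assumes the last entry listed for a mount point is the one in effect.

```shell
#!/bin/sh
# check_mount_flags MOUNTPOINT
# Reads /proc/mounts-format text on stdin:
#   device mountpoint fstype options dump pass
# Exit status: 0 = nosuid and noexec both set,
#              1 = mounted, but one or both flags missing,
#              2 = no entry for MOUNTPOINT.
check_mount_flags() {
    awk -v mp="$1" '
        # Keep the last matching entry (assumption: it is the topmost mount).
        $2 == mp { opts = $4; found = 1 }
        END {
            if (!found) exit 2
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) have[o[i]] = 1
            if (("nosuid" in have) && ("noexec" in have)) exit 0
            exit 1
        }'
}

# Constructed sample: /tmp bind-mounted, flags not applied.
sample_bind_only() { cat <<'EOF'
/dev/mapper/vg0-root / ext4 rw,relatime 0 0
/dev/mapper/vg0-root /tmp ext4 rw,relatime 0 0
EOF
}

# Constructed sample: /tmp after "mount -o remount,nosuid,noexec /tmp".
sample_remounted() { cat <<'EOF'
/dev/mapper/vg0-root / ext4 rw,relatime 0 0
/dev/mapper/vg0-root /tmp ext4 rw,nosuid,noexec,relatime 0 0
EOF
}

for s in sample_bind_only sample_remounted; do
    if $s | check_mount_flags /tmp; then
        echo "$s: /tmp has nosuid,noexec"
    else
        echo "$s: /tmp is missing nosuid and/or noexec"
    fi
done
# On a live system: check_mount_flags /tmp < /proc/mounts
```

Running the same check after a reboot shows whether the fstab entry reproduces the flags that the live remount set.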