[CentOS] Swap Considerations
Rodrigo Barbosa
rodrigob at darkover.org
Tue Feb 27 08:11:24 UTC 2007
On Mon, Feb 26, 2007 at 08:48:15PM -0500, Jim Perrin wrote:
>
> >OTOH anything bad you can do with /tmp you can do better with /var/tmp,
> >and making that noexec is not a realistic proposition.
>
> Very true, but applications like apache/php use /tmp as their default
> scratch/upload space.
Thank you for saying "default".
This is one thing I think should be watched carefully. I for one make sure
not only that /tmp is mounted noexec, but also that apache can't write to it:
On one of my servers (webserver mainly):
/dev/sda3 on /tmp type ext3 (rw,noexec,nosuid,nodev,acl)
$ getfacl /tmp | grep apache
getfacl: Removing leading '/' from absolute path names
user:apache:---
default:user:apache:---
This kind of setup can save you a world of trouble/headaches.
[]s
--
Rodrigo Barbosa
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
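Added example, not part of the original message: a shell check for the setup described above, confirming that /tmp carries noexec,nosuid,nodev and that both the access ACL and the default ACL deny a service account. The function names are hypothetical; the sample inputs are constructed from the output quoted in the message.

```bash
#!/bin/bash
# Added example: audit the /tmp hardening described in the message above.
# Function names are hypothetical, not from any existing tool.

# Print the required options that are absent from one `mount` output line.
# $1 = line of `mount` output, $2 = comma-separated required options
missing_mount_opts() {
    local line=$1 required=$2 opts opt missing=""
    # Options are the parenthesised field: "... type ext3 (rw,noexec,...)"
    opts=${line##*\(}
    opts=",${opts%%\)*},"
    local IFS=,
    for opt in $required; do
        case "$opts" in
            *",$opt,"*) ;;                            # whole-word match
            *) missing="${missing:+$missing,}$opt" ;;
        esac
    done
    printf '%s' "$missing"
}

# Succeed only if the access ACL and the default ACL both give the user "---".
# The default entry matters because new subdirectories inherit it.
# $1 = `getfacl` output, $2 = user name
acl_denies_user() {
    local acl=$1 user=$2
    printf '%s\n' "$acl" | grep -Eq "^user:$user:---([[:space:]]|\$)" &&
    printf '%s\n' "$acl" | grep -Eq "^default:user:$user:---([[:space:]]|\$)"
}

# Report on one mount line plus ACL text; returns 0 only if both checks pass.
audit_tmp() {
    local mount_line=$1 acl=$2 user=$3 missing rc=0
    missing=$(missing_mount_opts "$mount_line" "noexec,nosuid,nodev")
    if [ -n "$missing" ]; then
        echo "FAIL: mount options missing: $missing"; rc=1
    fi
    if ! acl_denies_user "$acl" "$user"; then
        echo "FAIL: $user is not denied in both access and default ACL"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: noexec,nosuid,nodev set and closed to $user"
    return "$rc"
}

# Sample inputs constructed from the output quoted in the message.
SAMPLE_MOUNT='/dev/sda3 on /tmp type ext3 (rw,noexec,nosuid,nodev,acl)'
SAMPLE_ACL='user:apache:---
default:user:apache:---'
audit_tmp "$SAMPLE_MOUNT" "$SAMPLE_ACL" apache
# On a live host: audit_tmp "$(mount | grep ' on /tmp ')" "$(getfacl -p /tmp)" apache
```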