How do I mount the /tmp partition with the 'noexec' option?

Article ID: 1410 
Last Review: Oct 6, 2008
Author:
Last updated by: system

APPLIES TO:
  • Parallels Plesk for Linux/Unix

Resolution

It is recommended to create /tmp as a separate partition and mount it with the 'noexec' and 'nosuid' options.

'noexec' disables the executable file attribute within an entire filesystem, effectively preventing any files within that filesystem from being executed.

'nosuid' disables the SUID file-attribute within an entire filesystem. This prevents SUID attacks on, say, the /tmp filesystem.

- If /tmp is a separate partition on the server, you only need to edit /etc/fstab and add the 'noexec' and 'nosuid' options for /tmp. Then remount the partition.

- If the /tmp directory resides on the / partition, it is better to create a new partition for /tmp, for example with a size of 512 MB:

# mkdir /filesystems
# dd if=/dev/zero of=/filesystems/tmp_fs count=512 bs=1M
# mkfs.ext3 /filesystems/tmp_fs


- Add the following line to /etc/fstab:
/filesystems/tmp_fs /tmp ext3 noexec,nosuid,loop 1 1

- Move the current /tmp directory content to another location.

- Mount the new /tmp partition:

# mount /tmp


- Move content from old /tmp directory to the new one.
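
To confirm the result of the steps above, the following check (an added example, not part of the original article) reports which of 'noexec' and 'nosuid' are missing for /tmp in both /etc/fstab and the live mount table. The function names missing_opts and check_tmp are hypothetical.

```shell
#!/bin/sh
# Added example: audit the mount options of /tmp.
# Works on any file in fstab or /proc/mounts layout:
#   device  mount-point  type  options  dump  pass

# missing_opts FILE MOUNTPOINT [OPTS...]
# Prints the required options that MOUNTPOINT's entry lacks (space separated).
# Prints "unlisted" when MOUNTPOINT has no entry, i.e. it is still part of /.
# OPTS defaults to: noexec nosuid
missing_opts() {
    file=$1; mp=$2; shift 2
    [ $# -gt 0 ] || set -- noexec nosuid
    # The last matching line wins: in /proc/mounts the most recent mount
    # on a mount point is the one that is actually visible.
    opts=$(awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { o = $4 } END { print o }' "$file")
    if [ -z "$opts" ]; then
        echo unlisted
        return 0
    fi
    out=
    for want in "$@"; do
        # Wrap in commas so "nosuid" only matches a whole option.
        case ",$opts," in
            *",$want,"*) ;;
            *) out="${out:+$out }$want" ;;
        esac
    done
    echo "$out"
}

# check_tmp: compare the configured state (/etc/fstab) with the live
# state (/proc/mounts); they differ if fstab was edited without a remount.
check_tmp() {
    for f in /etc/fstab /proc/mounts; do
        [ -r "$f" ] || continue
        m=$(missing_opts "$f" /tmp)
        if [ -z "$m" ]; then
            echo "$f: /tmp ok"
        else
            echo "$f: /tmp missing: $m"
        fi
    done
}

check_tmp
```

A difference between the two lines of output means /etc/fstab was changed but /tmp has not been remounted yet. The root directory of a freshly created filesystem is not world-writable, so also confirm that /tmp has mode 1777 after mounting.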
Keywords: security hack /tmp noexec nosuid hackers server

