[TriLUG] Securing /etc/fstab
Jeremy P
jeremyp at pobox.com
Tue Dec 11 16:58:46 EST 2001
On Tue, 11 Dec 2001, Kevin Hunter wrote:
> I was thinking of changing the '*' lines to something like this (
> according to what i've read )
>
> /home ext2 rw,user,usrquota,grpquota,bsdgroups 1 2
>
> /tmp ext2 rw,user 1 2
>
> /var ext2 rw,user 1 2
You should definitely NOT have the "user" option for these filesystems...
"user" means "Allow an ordinary user to mount the file system." You don't
want users mounting/unmounting core filesystems on a server! The "user"
option is only appropriate on workstations for removeable drives, so you
can mount a CD or floppy without su-ing to root.
The default options are just fine... there's a reason they're default --
Also, only enable quotas if you're really using them and really need them;
they slow down the system and have had a lot of bugs lately. I prefer the
sysvgroups option but that's not a security issue per se, just my
preference. (Sysvgroups means default group ownership is determined by
the process unless the sgid bit is turned on for the directory -- this is
the default for Linux. Bsdgroups means the default group ownership always
matches that of the directory. )
--Jeremy
More information about the TriLUG
mailing list