[TriLUG] Securing /etc/fstab
Jeremy P
jeremyp at pobox.com
Tue Dec 11 17:10:33 EST 2001
On Tue, 11 Dec 2001, Kevin Hunter wrote:
> >Why would you want to have these user mountable? Or are you using
> the
> >user option to stand for "noexec,nosuid,nodev" (which it implies)?
>
> I was shooting for the "noexec,nosuid,nodev" part. I don't like the
> user mountable part either, but it turns off some other options for
> me.
Well just put "noexec,nosuid,nodev" then. That will work just fine and
won't allow the fs to be user-mountable.
Doesn't "nosuid" also turn off the sticky bit? If so that would be a bad
idea for /tmp. Those options might also interfere with programs that like
to create Unix socket files in /tmp.
Also, you don't want "noexec" set for /home; otherwise users won't be able
to run their own binaries. Are you really trying to be that draconian?
I suppose that depending on your users it might be acceptable (you'd want
to put YOUR home directory somewhere other than /home in that situation).
--Jeremy
More information about the TriLUG
mailing list