Go Back   Singapore Web Hosting Talk > LEARNING CENTER > Server Administration

Server Administration General dedicated servers administration topics.

Thread Tools
Old 29-07-2004, 22:09   #1
SGWHT Premium Member
Join Date: 24-07-2003
Location: Singapore
Posts: 1,541
shawnho is a jewel in the roughshawnho is a jewel in the roughshawnho is a jewel in the roughshawnho is a jewel in the rough
HOWTO - Mount /tmp with noexec, nosuid, nodev

This guide is for those people whose /tmp is not mounted in its own partition and you want to refrain people using /tmp to abuse or compromise your system.

Step 1: Gain root access to your server.

Step 2: Check your system /etc/fstab file to ensure there is no /tmp mounting option.

cat /etc/fstab | grep /tmp

Step 3: Create a file that we will use to mount at /tmp.

Change your current working directory to /dev.

 cd /dev

Create 100MB file for our /tmp partition. If you need more space, make count size larger.

 dd if=/dev/zero of=tmpMnt bs=1024 count=100000

Make an extended filesystem for our tmpMnt file.

mke2fs /dev/tmpMnt

Step 4: Backup your /tmp directory.
cd /
cp -R /tmp /tmp_backup

Step 5: Take note of the ownership of those files in /tmp directory.
ls -al /tmp
total 196
drwxrwxrwt 6 root root 12288 Sep 17 19:40 .
drwxr-xr-x 29 root root 4096 Sep 17 19:40 ..
drwxrwxrwt 2 xfs xfs 4096 Jul 9 2002 .font-unix
srwxrwxrwx 1 root root 0 Aug 21 14:53 .qmail-qread
srwxrwxrwx 1 root root 0 Aug 21 14:53 .qmail-qstat
-rw------- 1 apache apache 1453 Sep 17 13:42 sess_14430570035b5d63dfdd3a27d4f61f97
-rw------- 1 apache apache 18012 Sep 17 11:59 sess_44ed9ae94f17adb5eddd4e134fb4e08b
-rw------- 1 apache apache 82458 Sep 17 19:29 sess_8eebd968ab581fd308cefd8815bc4b06
-rw------- 1 apache apache 34934 Sep 17 16:07 sess_996fc03b8cf393b9ececf34c8a9d4fb2
-rw------- 1 apache apache 656 Sep 17 14:06 sess_9a4bf568ed741bc6a198e5281929d9fc
-rw------- 1 apache apache 1453 Sep 17 12:16 sess_b7aa7f9856ffd5168760d5d23c432919
-rw------- 1 apache apache 4548 Sep 17 12:21 sess_f8a87a3f8449b2959ae6c369dc2dbf77
-rw------- 1 root root 0 Sep 17 19:21 session_mm_apache0.sem
drwx------ 2 root root 4096 Jul 12 2002 ssh-XXHpPJi9
drwx------ 2 root root 4096 Jul 16 2002 ssh-XXkpNabM
drwx------ 2 root root 4096 Aug 15 2002 ssh-XXPX4k06
Step 6: Modify /etc/fstab file and add /tmp mounting option.

/dev/tmpMnt /tmp ext2 loop,nosuid,noexec,nodev,noatime,rw 0 0

Step 7: Mount the new /tmp filesystem with noexec etc.

mount -o loop,nosuid,noexec,nodev,noatime,rw /dev/tmpMnt /tmp

Step 8: Chmod 1777 /tmp.

chmod 1777 /tmp

Step 9: Check any error for /etc/fstab mounting option in /etc/fstab file.

mount -o remount /tmp

Step 10: Copy everything back from /tmp_backup to new /tmp.

cp -R /tmp_backup/* /tmp/

Step 11: Verify the files in the new /tmp directory and remove the backup directory.
ls -al /tmp
rm -rf /tmp_backup

Step 12: Change ownership or whatever if those files in /tmp changed as compared in step 5. Use the below as an example.

chown owner:group /tmp/file

Step 13: Remove /var/tmp and create a symlink to /tmp.
rm -rf /var/tmp
ln -s /tmp /var/tmp

HOWTO courtesy of Choon
shawnho is offline   Reply With Quote

Old 29-01-2010, 16:13   #2
SGWHT Newbie
Join Date: 28-01-2010
Location: Singapore
Posts: 48
WebhostingCS is on a distinguished road
Great HowTo... keep it coming...!

iNeXT Team
Submit A Ticket - https://inext.ph/whmcs/submitticket.php
Knowledge Base - https://inext.ph/whmcs/knowledgebase.php
Facebook - https://www.facebook.com/inext.ph
Twitter - https://twitter.com/inextph
WebhostingCS is offline   Reply With Quote
Old 15-05-2010, 20:30   #3
SGWHT Newbie
Join Date: 28-01-2010
Posts: 19
vheeds is on a distinguished road
Hello Shawnho,

Good work! This will definitely help the newbies.
Stephan V
►A Quality WebHosting and Datacenter support.
►Email: sales@vheeds.com
►Read the latest technology news @ http://blog.vheeds.com
►Exclusive Introductory Offer! Server Hardening - $ 20 only | Dedicated Server Support - $500 only | Contact us today and avail these offers.
vheeds is offline   Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT +8. The time now is 23:40.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Copyright (C) 2002-2015 Brought to you by Singapore Web Hosting Talk (SGWHT). All Rights Reserved.