multiple partitions - useful mount options for extra security

J.A. Neitzel jan.listbox at belvento.org
Wed Dec 13 23:51:49 PST 2000


Greets LFSers! Any opinions or thoughts on the following topic?

There are, of course, some non-default mount options that you can use 
when mounting partitions that (can|may|might) help improve system 
security. In particular, I think of the nosuid option... Does anyone else 
use these or have thoughts on their use? See example below:

<cut from /etc/fstab>
/dev/hda1       /               ext2            defaults        1 1

# -- swaps --
/dev/hdb11      swap            swap            defaults        0 0
/dev/hda2       swap            swap            defaults        0 0

# -- necessary filesystems for a fully functional system --
/dev/hda3       /tmp            ext2            defaults,nosuid 1 2
/dev/hda5       /usr            ext2            defaults        1 2
/dev/hdb10      /mnt.sources    reiserfs        defaults        1 2
/dev/hda6       /opt            ext2            defaults        1 2
/dev/hdb12      /home           reiserfs        defaults,nosuid 1 2
/dev/hda7       /var            ext2            defaults        1 2
</cut from /etc/fstab>

I use nosuid only on /tmp and /home right now. I think you can't use this 
option on / or /usr . I haven't tried though because I'm almost certain 
it would cause problems on these filesystems for obvious reasons...

imho, nosuid seems a good choice on the likes of /tmp and /home . I have 
not had one problem related to its usage.
-- 
Ta for now,
Jeff
Why should I build an LFS System, oh Great One?
To understand security, my son, you must build it "From Scratch" so you 
know what is before you. Then the understanding of security will flow 
like water into your hands.





More information about the lfs-security mailing list