multiple partitions - useful mount options for extra security
jan.listbox at belvento.org
Wed Dec 13 23:51:49 PST 2000
Greets LFSers! Any opinions or thoughts on the following topic?
There are, of course, some non-default mount options that you can use
when mounting partitions that (can|may|might) help improve system
security. In particular, I think of the nosuid option... Does anyone else
use these or have thoughts on their use? See example below:
<cut from /etc/fstab>
/dev/hda1 / ext2 defaults 1 1
# -- swaps --
/dev/hdb11 swap swap defaults 0 0
/dev/hda2 swap swap defaults 0 0
# -- necessary filesystems for a fully functional system --
/dev/hda3 /tmp ext2 defaults,nosuid 1 2
/dev/hda5 /usr ext2 defaults 1 2
/dev/hdb10 /mnt.sources reiserfs defaults 1 2
/dev/hda6 /opt ext2 defaults 1 2
/dev/hdb12 /home reiserfs defaults,nosuid 1 2
/dev/hda7 /var ext2 defaults 1 2
</cut from /etc/fstab>
I use nosuid only on /tmp and /home right now. I think you can't use this
option on / or /usr . I haven't tried though because I'm almost certain
it would cause problems on these filesystems for obvious reasons...
imho, nosuid seems a good choice on the likes of /tmp and /home . I have
not had one problem related to its usage.
Ta for now,
Why should I build an LFS System, oh Great One?
To understand security, my son, you must build it "From Scratch" so you
know what is before you. Then the understanding of security will flow
like water into your hands.
More information about the lfs-security