How do I mount the /tmp partition with the ‘noexec’ option?

It is recommended to create /tmp as a separate partition and mount it with the ‘noexec’ and ‘nosuid’ options.



‘noexec’ disables the executable file attribute within an entire
filesystem, effectively preventing any files within that filesystem
from being executed.

‘nosuid’ disables the SUID file-attribute within an entire filesystem.
This prevents SUID attacks on, say, the /tmp filesystem.


– If /tmp is already a separate partition on the server, you only need to edit
/etc/fstab and add the ‘noexec’ and ‘nosuid’ options for /tmp, then
remount the partition.


– If the /tmp directory resides on the / partition, it is better to create a new partition for /tmp, for example with a size of 512 MB:

# mkdir /filesystems
# dd if=/dev/zero of=/filesystems/tmp_fs seek=512 count=1 bs=1M
# mkfs.ext3 /filesystems/tmp_fs



– Add the following line to /etc/fstab (the options must be a single comma-separated field with no spaces):
/filesystems/tmp_fs /tmp ext3 noexec,nosuid,loop 1 1

– Move the current content of the /tmp directory to another location.

– Mount the new /tmp partition:

# mount /tmp

– Move the content from the old /tmp directory to the new one.

Taken from swsoft.com
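As an added example (not from the original page or from swsoft.com), the following POSIX sh script checks that a mountpoint carries the ‘noexec’ and ‘nosuid’ options by parsing /proc/mounts-style lines, and checks that an fstab options field is written as one comma-separated token. The sample mount table embedded in it is constructed; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original page: verify that a mountpoint carries the
# mount options this page recommends, using /proc/mounts-style input so it can be
# run against a constructed sample here or against the real /proc/mounts on a host.

# has_mount_opts "<mounts text>" <mountpoint> <option>...
# Returns 0 when the mountpoint appears in the table and every listed option is
# present in its option field (field 4, comma separated); 1 otherwise.
# Note that noexec only blocks executing files directly; an interpreter started
# from elsewhere can still read and run a script stored on the filesystem.
has_mount_opts() {
    mounts=$1
    mp=$2
    shift 2
    # The last matching entry wins, as it does for stacked mounts.
    opts=$(printf '%s\n' "$mounts" | awk -v mp="$mp" '$2 == mp { print $4 }' | tail -n 1)
    [ -n "$opts" ] || return 1
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# valid_fstab_opts <options field>
# mount(8) treats whitespace in /etc/fstab as a field separator, so an options
# field written as "noexec, nosuid, loop" is split into several fields and the
# entry is misparsed; the field must be a single comma-separated token.
valid_fstab_opts() {
    case $1 in
        "") return 1 ;;
        *[[:space:]]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample mount table (not taken from a real host).
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,relatime 0 0
/filesystems/tmp_fs /tmp ext3 rw,nosuid,noexec 0 0'

# Run against the live host when /proc/mounts is readable (harmless elsewhere).
if [ -r /proc/mounts ] && has_mount_opts "$(cat /proc/mounts)" /tmp noexec nosuid; then
    echo "/tmp is mounted noexec,nosuid"
else
    echo "/tmp is missing noexec/nosuid or is not a separate mount"
fi
```

To audit a host, feed it the real table: `has_mount_opts "$(cat /proc/mounts)" /tmp noexec nosuid`.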