5.16. Control mounting a file system

You can gain more control over how file systems such as the /home and /tmp partitions are mounted by using options like noexec, nodev, and nosuid. These are set in the /etc/fstab text file. The fstab file contains descriptive information about the mount options of the various file systems; each line addresses one file system. The security-related options in the fstab file are:

defaults: Allow everything (quota, read-write, and suid) on this partition.

noquota: Do not set user quotas on this partition.

nosuid: Do not allow SUID/SGID access on this partition.

nodev: Do not allow character or special device access on this partition.

noexec: Do not allow execution of any binaries on this partition.

quota: Allow user quotas on this partition.

ro: Allow read-only access on this partition.

rw: Allow read-write access on this partition.

suid: Allow SUID/SGID access on this partition.

For more information on the options you can set in the fstab file, see the mount(8) man page.

Edit the fstab file (vi /etc/fstab) and change it depending on your needs. For example:
             /dev/sda11    /tmp     ext2    defaults    1 2
             /dev/sda6     /home    ext2    defaults    1 2

To read:
             /dev/sda11    /tmp     ext2    defaults,rw,nosuid,nodev,noexec    1 2
             /dev/sda6     /home    ext2    defaults,rw,nosuid,nodev           1 2


nosuid means do not allow set-user-identifier or set-group-identifier bits to take effect,
nodev means do not interpret character or block special devices on this file system partition, and
noexec means do not allow execution of any binaries on the mounted file system.

Note that we have added the rw option to the modified lines above. This is because the default options for these lines are defaults, which means to set quota, read-write, and suid, so we must add the rw option to continue having read-write access on these modified file systems. In our example above, /dev/sda11 represents the /tmp directory partition on the system, and /dev/sda6 the /home directory partition. Of course, this will not be the same for you, depending on how you have partitioned your hard disk and what kind of disks are installed on your system: IDE (hda, hdb, etc.) or SCSI (sda, sdb, etc.).

Once you have made the necessary adjustments to the /etc/fstab file, it is time to make the Linux system aware of the modification. This can be accomplished with the following commands:
             [root@deep] /# mount -o remount /home/
             [root@deep] /# mount -o remount /tmp/
             

Each file system that has been modified must be remounted with the command shown above. In our example we have modified the /home/ and /tmp/ file systems, and it is for this reason that we remount these file systems with the above commands.
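To confirm that the edit and the remount took effect, the following added example (not part of the original guide) reports which of the options recommended above are still missing for /tmp and /home. The function names required_opts and audit_mounts are hypothetical, the sample lines are constructed from this page's fstab example, and the script assumes it is pointed at a file in fstab format such as /etc/fstab or, for the live mount state, /proc/mounts.

```sh
#!/bin/sh
# Added example: check /tmp and /home for the options this page recommends.
# FILE is any fstab-format file: /etc/fstab, or /proc/mounts for the live state.

# Options the page's modified fstab lines apply to each mount point.
required_opts() {
    case "$1" in
        /tmp)  echo "nosuid nodev noexec" ;;
        /home) echo "nosuid nodev" ;;
    esac
}

# Prints one result line per mount point; returns 1 if anything is missing.
audit_mounts() {
    file=$1
    status=0
    for mp in /tmp /home; do
        # Field 2 is the mount point, field 4 the comma-separated options.
        opts=$(awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { o = $4 } END { print o }' "$file")
        if [ -z "$opts" ]; then
            echo "$mp: no entry"
            status=1
            continue
        fi
        missing=""
        for want in $(required_opts "$mp"); do
            # Match whole options only, so "nodev" never matches inside another word.
            case ",$opts," in
                *",$want,"*) ;;
                *) missing="$missing $want" ;;
            esac
        done
        if [ -n "$missing" ]; then
            echo "$mp: missing$missing"
            status=1
        else
            echo "$mp: ok"
        fi
    done
    return "$status"
}

# Constructed sample: /tmp as modified on this page, /home still unmodified.
sample=$(mktemp)
printf '%s\n' '/dev/sda11 /tmp  ext2 defaults,rw,nosuid,nodev,noexec 1 2' \
              '/dev/sda6  /home ext2 defaults 1 2' > "$sample"
audit_mounts "$sample" || echo "hardening incomplete"
rm -f "$sample"
```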

 
 
Published under the terms of the Open Publication License