Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Security of /tmp /var/tmp /usr/tmpDSK

Discussion in 'Security' started by Augusto Will, Jan 13, 2015.

  1. Augusto Will

    Augusto Will Active Member

    Joined:
    Sep 9, 2011
    Messages:
    42
    Likes Received:
    4
    Trophy Points:
    58
    cPanel Access Level:
    Root Administrator
    In order to protect the tmp dir, I added this line on /etc/fstab

    tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
    /dev/hd2/tmp /tmp ext4 defaults,nodev,nosuid,noexec 0 0
    /tmp /var/tmp none rw,noexec,nosuid,nodev,bind 0 0


    This is enought to protect the tmp dir?
    I should put noexec,nosuid,nodev in the home directory as well?

    Thank you.
     
  2. MilesWeb

    MilesWeb Well-Known Member
    PartnerNOC

    Joined:
    May 23, 2012
    Messages:
    173
    Likes Received:
    2
    Trophy Points:
    68
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    I will recommend to add nodev, nosuid, and noexec. To know more, refer Linux Security: Mount /tmp With nodev, nosuid, and noexec Options once.

    Are you using a dedicated server OR a VPS ?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,633
    Likes Received:
    1,787
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    That's sufficient for your /tmp partition, but I do not suggest making the same changes for your /home partition. The default mount options for /home are generally acceptable, and adding flags such as "noexec" on /home can lead to permission errors.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Augusto Will

    Augusto Will Active Member

    Joined:
    Sep 9, 2011
    Messages:
    42
    Likes Received:
    4
    Trophy Points:
    58
    cPanel Access Level:
    Root Administrator
    These three lines are correct? (About security questions).

    tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
    /dev/hd2/tmp /tmp ext4 defaults,nodev,nosuid,noexec 0 0
    /tmp /var/tmp none rw,noexec,nosuid,nodev,bind 0 0

    @milesgeek
    Dedicated Server.

    @cPanelMichael
    What kind of permissions errors?

    Thank you.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,633
    Likes Received:
    1,787
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    I don't see any issues with your /tmp mount based on that output.

    For instance, I've seen cases where Apache will not build because /home is mounted "noexec" and Apache is built from /home/cpeasyapache.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice