The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Security of /tmp /var/tmp /usr/tmpDSK

Discussion in 'Security' started by Augusto Will, Jan 13, 2015.

  1. Augusto Will

    Augusto Will Member

    Joined:
    Sep 9, 2011
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    In order to protect the tmp dir, I added this line on /etc/fstab

    tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
    /dev/hd2/tmp /tmp ext4 defaults,nodev,nosuid,noexec 0 0
    /tmp /var/tmp none rw,noexec,nosuid,nodev,bind 0 0


    This is enought to protect the tmp dir?
    I should put noexec,nosuid,nodev in the home directory as well?

    Thank you.
     
  2. MilesWeb

    MilesWeb Well-Known Member
    PartnerNOC

    Joined:
    May 23, 2012
    Messages:
    174
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    India
    cPanel Access Level:
    Root Administrator
    I will recommend to add nodev, nosuid, and noexec. To know more, refer Linux Security: Mount /tmp With nodev, nosuid, and noexec Options once.

    Are you using a dedicated server OR a VPS ?
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,667
    Likes Received:
    646
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    That's sufficient for your /tmp partition, but I do not suggest making the same changes for your /home partition. The default mount options for /home are generally acceptable, and adding flags such as "noexec" on /home can lead to permission errors.

    Thank you.
     
  4. Augusto Will

    Augusto Will Member

    Joined:
    Sep 9, 2011
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    These three lines are correct? (About security questions).

    tmpfs /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0
    /dev/hd2/tmp /tmp ext4 defaults,nodev,nosuid,noexec 0 0
    /tmp /var/tmp none rw,noexec,nosuid,nodev,bind 0 0

    @milesgeek
    Dedicated Server.

    @cPanelMichael
    What kind of permissions errors?

    Thank you.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,667
    Likes Received:
    646
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    I don't see any issues with your /tmp mount based on that output.

    For instance, I've seen cases where Apache will not build because /home is mounted "noexec" and Apache is built from /home/cpeasyapache.

    Thank you.
     
Loading...

Share This Page