How to secure the /tmp partition on a VPS with noexec,nosuid option?

On a VPS, there are 2 ways to mount OR secure /tmp and /var/tmp partitions with the noexec,nosuid option. One way is to mount these partitions from the Host Node (hosting provider can do this) and the other way is to mount them from within the VPS.

1) Login to the Node server and execute the following command:

# vzctl set VEID --bindmount_add /tmp,noexec,nosuid,nodev --save 
# vzctl set VEID --bindmount_add /var/tmp,noexec,nosuid,nodev --save

The “bindmount_add” option is use to mount the partition inside the VPS. The ‘VEID’ is the VPS ID you are working on.

2) The second option is to mount these partition from within the VPS itself. It is useful incase you don’t have access to the Node server. To mount /tmp and /var/tmp from within the VPS, execute:

# mount -t tmpfs -o noexec,nosuid,nodev tmpfs /tmp 
# mount -t tmpfs -o noexec,nosuid,nodev tmpfs /var/tmp

To check the mounted ‘tmp’ partitions, execute

# mount | grep tmp 
 tmpfs on /tmp type tmpfs (rw,noexec,nosuid) 
 tmpfs on /var/tmp type tmpfs (rw,noexec,nosuid,nodev) 

Related Links:

 How to Secure /tmp on Dedicated server?
This entry was posted on Wednesday, October 27th, 2010 and is filed under VPS Management. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.