How to secure the /tmp partition on a VPS with the noexec,nosuid options?
October 27, 2010
On a VPS, there are two ways to mount or secure the /tmp and /var/tmp partitions with the noexec,nosuid options. One way is to mount these partitions from the Host Node (the hosting provider can do this), and the other is to mount them from within the VPS.
1) Log in to the Node server and execute the following commands:
# vzctl set VEID --bindmount_add /tmp,noexec,nosuid,nodev --save
# vzctl set VEID --bindmount_add /var/tmp,noexec,nosuid,nodev --save
The “bindmount_add” option is used to mount the partition inside the VPS. ‘VEID’ is the ID of the VPS you are working on.
2) The second option is to mount these partitions from within the VPS itself. This is useful in case you don’t have access to the Node server. To mount /tmp and /var/tmp from within the VPS, execute:
# mount -t tmpfs -o noexec,nosuid,nodev tmpfs /tmp
# mount -t tmpfs -o noexec,nosuid,nodev tmpfs /var/tmp
To check the mounted ‘tmp’ partitions, execute:
# mount | grep tmp
tmpfs on /tmp type tmpfs (rw,noexec,nosuid)
tmpfs on /var/tmp type tmpfs (rw,noexec,nosuid,nodev)
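The same check can be scripted so that a missing option is reported instead of read off by eye. The following is an added example, not part of the original post; the function names and the sample mount table (written in /proc/mounts format to mirror the output above) are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit /tmp and /var/tmp for the hardening mount options.
# Function names and the sample mount table are constructed for illustration.

# missing_opts MOUNTPOINT: reads a /proc/mounts-style table on stdin and
# prints the options from noexec,nosuid,nodev that the mount point lacks.
# Returns 0 if none are missing, 1 if some are, 2 if it is not a mount point.
missing_opts() {
    # The last matching entry wins, because a later mount shadows earlier ones.
    m_opts=$(awk -v mp="$1" '$2 == mp { o = $4 } END { print o }')
    if [ -z "$m_opts" ]; then
        echo "not-mounted"
        return 2
    fi
    m_missing=""
    for m_want in noexec nosuid nodev; do
        case ",$m_opts," in
            *",$m_want,"*) ;;                       # option present
            *) m_missing="$m_missing $m_want" ;;    # option absent
        esac
    done
    echo "${m_missing# }"
    [ -z "$m_missing" ]
}

# audit_tmp: reads the mount table on stdin, reports both directories,
# and returns non-zero if either one is not fully hardened.
audit_tmp() {
    a_table=$(cat)
    a_rc=0
    for a_mp in /tmp /var/tmp; do
        if a_miss=$(printf '%s\n' "$a_table" | missing_opts "$a_mp"); then
            echo "OK   $a_mp"
        else
            echo "FAIL $a_mp: $a_miss"
            a_rc=1
        fi
    done
    return "$a_rc"
}

# Constructed sample in /proc/mounts format, mirroring the output above.
sample_mounts() {
    cat <<'EOF'
/dev/simfs / simfs rw,relatime 0 0
tmpfs /tmp tmpfs rw,noexec,nosuid 0 0
tmpfs /var/tmp tmpfs rw,noexec,nosuid,nodev 0 0
EOF
}

sample_mounts | audit_tmp || true   # live system: audit_tmp < /proc/mounts
```

On the sample, /tmp is reported as missing nodev while /var/tmp passes. Run the audit again after a reboot, since a mount made with the mount command does not persist unless it is also listed in /etc/fstab.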