-1

In CentOS 7, I have been told to secure the /tmp folder with noexec,nosuid in /etc/fstab

When I view the /etc/fstab, I can only see a few lines without a /tmp mounting option.

I have created a tmp disk (1gb) and assigned this disk via linode manager to /dev/sdc

and in order to mount this in /etc/fstab

I write the following:

`/dev/sdc /tmp ext4 defaults,nodev,nosuid,noexec 0 0`

Then I save this and reboot the server.

I test my /tmp folder by downloading something using wget but nothing got saved in the folder.

How do I secure the /tmp folder in /tmp and /var/tmp?

I read that I must create a new drive for /tmp in order for it to be able to mount as nosuid and noexec

Can anyone guide me? I'm new to CentOS 7.

ToiletGuy

1 Answer

2

You're looking for /lib/systemd/system/tmp.mount. See the systemd(1), systemd.unit(5), and systemd.mount(5) man pages for more details.

Ignacio Vazquez-Abrams
  • I don't understand this, sorry. Do you mean that the mounting is done by the system? I'm lost now. I just want to know how I secure the /tmp folder in /tmp and /var/tmp in CentOS 7 at linode. – ToiletGuy Dec 11 '17 at 00:26
  • Yes, systemd is responsible for mounting it. The options are controlled by that unit file. – Ignacio Vazquez-Abrams Dec 11 '17 at 00:27
  • Ok, how do I secure the /tmp folder with nosuid,noexec? I have to install directadmin and the requirements said I have to mount the /tmp folder with nosuid and noexec. As far as I know, I have to create a partition for this. https://www.directadmin.com/install.php – ToiletGuy Dec 11 '17 at 00:29
  • Have you had a chance to inspect the file and man pages? – Ignacio Vazquez-Abrams Dec 11 '17 at 00:30
  • What is the bracket number referring to? Example: systemd(1)? – ToiletGuy Dec 11 '17 at 00:32
  • The section the man page belongs to. `man 1 man` – Ignacio Vazquez-Abrams Dec 11 '17 at 00:33
  • Ok, in the /lib/systemd/system/tmp.mount I see the following: `[Mount]` `What=tmpfs` `Where=/tmp` `Type=tmpfs` `Options=mode=1777,strictatime` So adding nosuid,noexec at the Options will work for this? – ToiletGuy Dec 11 '17 at 00:36
  • I'm about to accept this answer, but I don't understand how the system can mount the /temp folder without creating a new partition (as what I read, we need to create a partition to be able to mount as nosuid and noexec)? Can you explain the concept in your answer? – ToiletGuy Dec 11 '17 at 00:49
  • `tmpfs` is an in-memory filesystem. – Ignacio Vazquez-Abrams Dec 11 '17 at 00:49
  • So, meaning that my temporary files are using RAM instead of the hard drive? I got it. So it will clear itself when I reboot the server? Is what I'm doing above correct? Extending the options with nosuid and noexec? – ToiletGuy Dec 11 '17 at 00:52
  • "Options= Mount options to use when mounting. This takes a comma-separated list of options." – Ignacio Vazquez-Abrams Dec 11 '17 at 00:54
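
One way to apply what the answer and comments arrive at, as an added example that is not part of the original thread: a systemd drop-in that extends the `Options=` line quoted above with `nosuid,nodev,noexec`, plus a check of the resulting mount flags. The drop-in directory `/etc/systemd/system/tmp.mount.d/`, the file name `hardening.conf`, and the sample mount lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Drop-in file name is an assumption.
REQUIRED="nosuid nodev noexec"

# Constructed sample in /proc/mounts format (device, mountpoint, type, options).
sample_mounts() {
    printf '%s\n' \
        '/dev/sda / ext4 rw,relatime 0 0' \
        'tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev 0 0' \
        'tmpfs /tmp tmpfs rw,seclabel,relatime 0 0'
}

# Write a drop-in that overrides Options= of the stock tmp.mount unit.
# mode=1777,strictatime are the values quoted in the thread; the rest is added.
# Usage: write_dropin <unit-dir>; prints the path of the file it wrote.
write_dropin() {
    dir="$1/tmp.mount.d"
    mkdir -p "$dir" &&
        printf '[Mount]\nOptions=mode=1777,strictatime,nosuid,nodev,noexec\n' \
            > "$dir/hardening.conf" &&
        echo "$dir/hardening.conf"
}

# missing_opts <mountpoint> <mounts-file>
# Prints the required options absent from the last entry for <mountpoint>,
# or "not-mounted" when the path is not a separate mount at all.
missing_opts() {
    opts=$(awk -v mp="$1" '$2 == mp { o = $4 } END { print o }' "$2")
    [ -n "$opts" ] || { echo "not-mounted"; return 0; }
    out=""
    for want in $REQUIRED; do
        case ",$opts," in
            *",$want,"*) ;;                    # option present
            *) out="${out:+$out }$want" ;;     # option missing
        esac
    done
    echo "$out"
}

# "apply" needs root on a systemd host; "check" only reads /proc/self/mounts.
# Without an argument nothing on the system is touched.
if [ "${1:-}" = "apply" ]; then
    write_dropin /etc/systemd/system
    systemctl daemon-reload
    systemctl enable tmp.mount
elif [ "${1:-}" = "check" ]; then
    for mp in /tmp /var/tmp; do
        echo "$mp missing: $(missing_opts "$mp" /proc/self/mounts)"
    done
fi
```

Run it with `apply` as root, then with `check` once /tmp has been mounted again (for example after a reboot); an empty "missing" list means all three options are active. `/var/tmp` is only checked here, not configured.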