
I have to mount five of my main directories, viz. (/home, /usr, /tmp, /root and /var), for a specific project. I did some googling and found a set of commands which can be executed to mount a particular directory. The commands were as follows:

 #dd if=/dev/zero of=/filesystems/tmp_fs seek=512 count=80000000 bs=1M
 #mkfs.ext3 /filesystems/tmp_fs

After mounting, the entry was registered in fstab as below,

  /filesystems/tmp_fs /tmp ext3 noexec,nosuid,loop 1 1

And at the last step, the directory was mounted.

I followed the same procedure for mounting all the directories specified above. In the end, I could only mount the "/root" and "/tmp" directories without any errors. The other three directories each gave one error or another. After mounting the '/home' directory, I am getting the following error: "No directory. logging in with HOME=/", and similarly after mounting the '/var' directory I got the following error: "/var/lib/apt//lists No such file or directories". Mounting the '/usr' directory caused the OS to crash, as a result of which we could not even log in as the root user, and some basic commands such as 'vi' and 'sudo su', to name a few, were not found on the system. Because of these issues, the only option left was to format the OS, since we could not even revert this step because of the missing commands.

Any help or suggestion in the right direction would be of great help.

Thanks for the consideration.

SkRuddy
  • If you have to ask this question, it sounds like you shouldn't be doing this. What exactly are you trying to accomplish through this? For starters, mounting `/usr` with `noexec` is going to render most of the system unusable because a lot of executables live in `/usr/[s]bin` – Dark Falcon Apr 18 '17 at 13:38
  • Actually, I am trying to do some R&D related to OS hardening, and this is one of the key points to be implemented. The primary goal of this is basically to mount my directories in some other directory for security purposes. One thing that I can understand from your comment is that I am not supposed to use noexec for the /usr directory and also that loop shouldn't be used. Can you please help me with other options and directories? Thanks :) – SkRuddy Apr 19 '17 at 05:13
  • What is the premise or end goal? You're telling us how you are attempting to accomplish something without telling us the desired end result. There are well-established methods of attaining filesystem isolation. One of the most common is a chroot, which a number of tools can help configure. – Dark Falcon Apr 19 '17 at 13:35
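
An added example, not part of the original question or comments: a small shell pre-flight check for fstab entries like the one quoted in the question. It flags `noexec`/`nosuid` on `/usr` (the problem raised in the first comment) and counts the existing entries that mounting a freshly formatted image over a directory would hide; the function names and the `/filesystems/usr_fs` line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for an
# fstab entry before it is mounted. Sample lines below are constructed.

# has_opt OPTS NAME: succeed if the comma-separated OPTS contains NAME.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# audit_fstab_line LINE: print one finding per problem, nothing if clean.
audit_fstab_line() {
    read -r dev mnt fstype opts _rest <<EOF
$1
EOF
    case "$dev" in ''|'#'*) return 0 ;; esac    # blank line or comment
    case "$mnt" in
        /usr|/usr/*)
            # Executables live in /usr/bin and /usr/sbin (first comment
            # on the question). Assumption: sudo and su are setuid
            # binaries under /usr, as on typical Linux layouts.
            if has_opt "$opts" noexec; then
                echo "ERROR $mnt: noexec blocks every binary under /usr"
            fi
            if has_opt "$opts" nosuid; then
                echo "ERROR $mnt: nosuid breaks setuid tools (sudo, su)"
            fi
            ;;
    esac
    return 0
}

# hidden_entries DIR: number of entries in DIR that a mount on top of DIR
# would hide. A fresh mkfs image is empty, so anything counted here has to
# be copied into the image before the mount replaces the directory view.
hidden_entries() {
    ls -A "$1" 2>/dev/null | wc -l | tr -d ' '
}

# Demo on constructed input.
audit_fstab_line "/filesystems/usr_fs /usr ext3 noexec,nosuid,loop 1 1"
audit_fstab_line "/filesystems/tmp_fs /tmp ext3 noexec,nosuid,loop 1 1"
echo "entries a mount over /var would hide: $(hidden_entries /var)"
```

The `/tmp` line from the question produces no findings, while the same options on `/usr` produce two errors.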
