[linux-elitists] mount options frenzy!
Thu Mar 29 12:36:19 PST 2001

If you read Linux documentation or articles, as I think you do, you
occasionally come across a tip such as "Mount /home nosuid" or "mount
the web tree noatime" or "mount /usr read-only".

Well, it's time for the elitists of the world to go through our fstabs
and say what we're mounting how, so that I can create the Canonical
Mount Options Chart to educate those less elite than ourselves.

Any comments on the usefulness security-wise of making everything except
/ and /usr nosuid,nodev? And of copious use of noexec?

Here's a start...

/       defaults (ick...can we do better?)
/home   nodev,nosuid (BOFHs add noexec and create /home/elitists/* for
        users allowed to exec stuff. Add noatime if the
        web tree lives here, for performance.)
/mnt/*  noauto,nodev,nosuid (possibly add "user" for desktop boxes)
/opt    /opt is for Solaris weenies and retards. /opt/foo should be
/usr    ro,nodev (remount rw to update software)

Don Marti
email@example.com
http://zgp.org/~dmarti/ (Free the Web: http://burnallgifs.org/)
"I've never sent or received a GIF in my life."
    -- Bruce Schneier, Secrets and Lies, p. 246.
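
An added example, not part of the original post: a small fstab audit that checks entries against the options the chart above lists for /home, /mnt/* and /usr, expanding "user" and "defaults" the way mount(8) documents them. The names POLICY, effective and audit and the sample fstab are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Required options from the post's chart ("/" is only "defaults" there).
POLICY = {"/home": {"nodev", "nosuid"},
          "/mnt/*": {"noauto", "nodev", "nosuid"},
          "/usr": {"ro", "nodev"}}
# Per mount(8): "user"/"users" imply noexec,nosuid,nodev unless a later
# option overrides them; "defaults" means rw,suid,dev,exec,auto,...
IMPLIED_BY_USER = ("noexec", "nosuid", "nodev")
IMPLIES = {"user": IMPLIED_BY_USER, "users": IMPLIED_BY_USER,
           "defaults": ("rw", "suid", "dev", "exec", "auto")}
PAIRS = [("ro", "rw"), ("nosuid", "suid"), ("nodev", "dev"),
         ("noexec", "exec"), ("noauto", "auto")]
OPPOSITE = {**dict(PAIRS), **{b: a for a, b in PAIRS}}

# Constructed sample fstab; devices and filesystem types are made up.
SAMPLE_FSTAB = """\
/dev/sda1   /            ext2  defaults         1 1
/dev/sda2   /usr         ext2  ro,nodev         1 2
/dev/sda3   /home        ext2  defaults,nosuid  1 2
/dev/fd0    /mnt/floppy  vfat  noauto,user      0 0
/dev/sdb4   /mnt/zip     vfat  noauto           0 0
"""

def effective(options):
    """Apply options left to right so later ones override earlier ones."""
    active = set()
    for opt in options:
        for o in (opt,) + IMPLIES.get(opt, ()):
            active.discard(OPPOSITE.get(o))
            active.add(o)
    return active

def audit(fstab_text):
    """Return {mount_point: [missing options]} for entries under POLICY."""
    findings = {}
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue  # blank, comment, or malformed line
        mount_point, opts = fields[1], fields[3].split(",")
        for pattern, required in POLICY.items():
            missing = required - effective(opts)
            if fnmatchcase(mount_point, pattern) and missing:
                findings[mount_point] = sorted(missing)
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_FSTAB))
```

On the sample, /mnt/floppy passes because "user" already implies nodev and nosuid, while /home fails because "defaults" brings in dev and only nosuid is set afterwards.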