Securing and Optimizing Linux: RedHat Edition - A Hands on Guide

Chapter 5. General System Security

You can gain more control over how file systems such as the /home and /tmp partitions are mounted by using options like noexec, nodev, and nosuid. These options are set in the /etc/fstab text file. The fstab file contains descriptive information about the mount options of the various file systems; each line addresses one file system. The security-related options in the fstab text file are:
defaults: Allow everything (quota, read-write, and suid) on this partition.
noquota: Do not set user quotas on this partition.
nosuid: Do not allow SUID/SGID access on this partition.
nodev: Do not allow character or special device access on this partition.
noexec: Do not allow execution of any binaries on this partition.
quota: Allow user quotas on this partition.
ro: Mount this partition read-only.
rw: Mount this partition read-write.
suid: Allow SUID/SGID access on this partition.
For more information on the options that you can set in the fstab file, see the man page for mount(8). Edit the fstab file (vi /etc/fstab) and change it according to your needs. For example:

    /dev/sda11    /tmp     ext2    defaults    1 2
    /dev/sda6     /home    ext2    defaults    1 2

To read:

    /dev/sda11    /tmp     ext2    defaults,rw,nosuid,nodev,noexec    1 2
    /dev/sda6     /home    ext2    defaults,rw,nosuid,nodev           1 2

nosuid: do not allow set-user-identifier or set-group-identifier bits to take effect.
nodev: do not interpret character or block special devices on this file system partition.
noexec: do not allow execution of any binaries on the mounted file system.
Once you have made the necessary adjustments to the /etc/fstab file, it is time to make the Linux system aware of the modification. This can be accomplished with the following commands:

    [root@deep] /# mount -o remount /home/
    [root@deep] /# mount -o remount /tmp/

Each file system that has been modified must be remounted with the command shown above. In our example we modified the /home/ and /tmp/ file systems, which is why we remount them with the above commands.
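
To confirm that the options are present after the edit and the remount, the following added example (not part of the original guide) reports which of the required options a mount point lacks. The function names missing_opts and audit are hypothetical, the sample tables are the two fstab versions shown above, and it relies on /proc/mounts using the same first four columns as fstab.

```shell
#!/bin/sh
# missing_opts TABLE MOUNTPOINT OPT...
# Prints the required options that MOUNTPOINT's entry in TABLE lacks
# (space separated; empty when all are set), or "absent" if there is no
# entry. TABLE is a file in fstab layout: device, mount point, type, options.
missing_opts() {
    table=$1 mp=$2
    shift 2
    awk -v mp="$mp" -v want="$*" '
        NF < 4 || $1 ~ /^#/ { next }          # skip blank and comment lines
        $2 == mp { opts = $4; found = 1 }     # last entry wins (over-mounts)
        END {
            if (!found) { print "absent"; exit }
            n = split(want, w, " ")
            split(opts, have, ",")
            for (i in have) set[have[i]] = 1
            out = ""
            for (i = 1; i <= n; i++)
                if (!(w[i] in set)) out = out (out == "" ? "" : " ") w[i]
            print out
        }' "$table"
}

# audit TABLE: apply the options this section sets on /tmp and /home.
# Returns non-zero if either mount point lacks one of them.
audit() {
    tbl=$1 rc=0
    for policy in "/tmp nosuid nodev noexec" "/home nosuid nodev"; do
        point=${policy%% *}
        miss=$(missing_opts "$tbl" "$point" ${policy#* })  # unquoted: split options
        if [ -n "$miss" ]; then
            echo "FAIL $point: $miss"; rc=1
        else
            echo "ok   $point"
        fi
    done
    return $rc
}

# Sample tables: the two fstab versions shown above, written to temp files.
before=$(mktemp) after=$(mktemp)
trap 'rm -f "$before" "$after"' EXIT
printf '%s\n' '/dev/sda11 /tmp  ext2 defaults 1 2' \
              '/dev/sda6  /home ext2 defaults 1 2' > "$before"
printf '%s\n' '/dev/sda11 /tmp  ext2 defaults,rw,nosuid,nodev,noexec 1 2' \
              '/dev/sda6  /home ext2 defaults,rw,nosuid,nodev 1 2' > "$after"
audit "$before" || echo "original fstab leaves gaps"
audit "$after"
# On a live system, run: audit /proc/mounts   (options in effect after remount)
```

Running audit against /etc/fstab checks what is configured; running it against /proc/mounts checks what the kernel is actually enforcing, which is the one that matters if a remount was skipped.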