I noticed after my install that the tmp directory was
A- not a sticky
B- still executable

I went and changed etc/fstab to add loop,noexec,nosuid,rw, which I hope is the right thing to do. I rebooted and it looks like it worked. When doing an ls -l on the main directory, the tmp folder lit up all green in PuTTY (cool, I hope).

But the chmods I did with WinSCP will not take effect (they do on other directories), so I manually ran chmod 1777 on the tmp folder.

Since CentOS seems to be pretty good at pre-configuration, I am concerned that maybe I should not do this, but every security book says to do it. I am imagining I will be okay, and I hope, if it is right, that others on the list that do not know about this make the change. Especially if running a webserver.

Right or wrong?

Bob Hoffman <> scribbled on Monday, September 15, 2008 8:18 AM:

> But the chmods I did with winscp will not take effect (they do on other
> directories) so I manually ran chmod 1777 on the tmp folder.

Did you do a Ctrl-R to refresh the view in WinSCP? I've been caught with that a few times before... 8-)

Hi Bob,

On Mon, Sep 15, 2008 at 02:18, Bob Hoffman <bob at bobhoffman.com> wrote:

> I noticed after my install that the tmp directory was
> A- not a sticky

Then there must be something wrong with your install, because all stock installs of CentOS I have done so far will create /tmp as a sticky directory.

> B- still executable

You mean permissions? chmod +x? Because it is supposed to have executable permissions.

If you mean mounted with noexec, that's different, that's something that is not done by default on CentOS. That is something that can be done only if /tmp is created as a separate partition, but that is not something that everybody does, and I think the default partitioning in CentOS is to keep /tmp on the root filesystem. There are advantages and disadvantages to both approaches, you should choose yours.

By the way, to do it by default, this is what I use in the ks.cfg I use to kickstart install my machines:

    logvol /tmp --vgname=raidvol --name=tmp --size=4096 --fstype=ext3 --fsoptions="nodev,nosuid,noexec"

I'm still concerned with the fact that you said on your install it was not sticky, because on all my installs, even if I create /tmp as a different filesystem with fsoptions, it is created as a sticky directory. Could you re-check that please?

Filipe
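
Added example (not part of the original thread, and not code from any of the posters): a shell check for the two properties discussed above, the sticky bit on the directory and the nodev,nosuid,noexec options on its mount, including the case where /tmp is not a separate filesystem. The function names are hypothetical and the mounts file is assumed to be in /proc/mounts format.

```shell
#!/bin/sh
# Added example: audit a temp directory for the sticky bit and for
# restrictive mount options. Function names are hypothetical.

# Print the option field for mount point $2 in a /proc/mounts-style file $1
# (the last matching entry wins, since later mounts shadow earlier ones).
mount_opts() {
    awk -v mp="$2" '$2 == mp { o = $4 } END { if (o != "") print o }' "$1"
}

# Print each wanted option ($2...) that is absent from the comma list $1.
missing_opts() {
    have=",$1,"; shift
    out=""
    for want in "$@"; do
        case "$have" in
            *",$want,"*) ;;
            *) out="${out:+$out }$want" ;;
        esac
    done
    printf '%s\n' "$out"
}

# audit_tmp DIR MOUNTS_FILE [MOUNTPOINT]: returns 0 only if DIR is sticky
# and its own mount carries nodev, nosuid and noexec.
audit_tmp() {
    dir=$1; mounts=$2; mp=${3:-$1}; rc=0
    if [ -k "$dir" ]; then echo "ok: $dir is sticky"
    else echo "FAIL: $dir is not sticky (expected mode 1777)"; rc=1; fi
    opts=$(mount_opts "$mounts" "$mp")
    if [ -z "$opts" ]; then
        # No entry of its own: the directory lives on a parent filesystem,
        # so mount options cannot be set for it alone.
        echo "FAIL: $mp is not a separate mount"; rc=1
    else
        miss=$(missing_opts "$opts" nodev nosuid noexec)
        if [ -n "$miss" ]; then echo "FAIL: $mp lacks: $miss"; rc=1
        else echo "ok: $mp mounted with $opts"; fi
    fi
    return $rc
}

# Live check on a Linux host:
#   audit_tmp /tmp /proc/mounts
```
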