Hi,
On Thursday, June 7, 2012 at 2:09 PM, Bob Hoffman wrote:
> Hello,
>
> I am fixing up a system for someone and they did not make a separate
> partition for /tmp...but I want to make it noexec, nosuid.
>
> I came across a site that said I could skip all the mount/unmount and
> new partition stuff (which would probably include downsizing a lvm to
> make room for it)... by adding this in fstab
>
> /tmp /tmp bind nosuid,noexec,bind 0 0
>
> and then reboot...
> There is no /tmp in their fstab at the moment and I am afraid to test
> this....
> Is this a correct workaround to mount that folder as noexec?
> OR was this site wrong?
That should work.
But maybe it's better to create a test machine/VM and try it there.
Or, don't edit your fstab (yet). Just do it live and see if it worked:
# mount --bind /tmp /tmp
# mount -o remount,nosuid,noexec /tmp
That way, you know it'll be back to the old settings when you reboot.
HTH,
--
- Edo - mailto:ml2edwin at gmail.com
"May a stranger, and not your own mouth, praise you;
may a foreigner, and not your own lips, do so." - Pro. 27:2
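
A way to check whether the live test in the reply above took effect, by reading the options the kernel reports for /tmp. This is an added example, not part of the original message; the function name check_mount_opts and the sample mount tables are constructed for illustration.

```shell
#!/bin/sh
# check_mount_opts MOUNTPOINT OPT...
# Reads a /proc/mounts-format table on stdin.
# Returns 0 if the mount in effect at MOUNTPOINT carries every OPT,
#         1 if an option is missing,
#         2 if nothing is mounted at MOUNTPOINT (it inherits the parent fs options).
check_mount_opts() {
    mp=$1; shift
    # Mounts can stack: the last line for a mount point is the one in effect.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }')
    [ -n "$opts" ] || return 2
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;          # option present, keep checking
            *) return 1 ;;           # option missing
        esac
    done
    return 0
}

# Constructed sample: /tmp is only a directory on the root filesystem.
SAMPLE_BEFORE='/dev/mapper/vg-root / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'

# Constructed sample: after "mount --bind /tmp /tmp", before the remount.
SAMPLE_BIND_ONLY="$SAMPLE_BEFORE
/dev/mapper/vg-root /tmp ext4 rw,relatime 0 0"

# Constructed sample: after "mount -o remount,nosuid,noexec /tmp".
SAMPLE_REMOUNTED="$SAMPLE_BEFORE
/dev/mapper/vg-root /tmp ext4 rw,nosuid,noexec,relatime 0 0"

# On a live system:
#   check_mount_opts /tmp nosuid noexec < /proc/mounts && echo "/tmp is nosuid,noexec"
```

The same check is worth running after a reboot once the fstab line is in place, since it reports what is actually in effect rather than what fstab requests.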