nixCraft
What is the best way to secure mount point?
This is a discussion on What is the best way to secure mount point? within the Linux software forums, part of the Linux Getting Started category; We have three Linux and one FreeBSD server for hosting customer's domains. On all systems, we have separate partition called ...
|
|||||||
| Register | FAQ | Members List | Calendar | Forgotten your password? | Mark Forums Read |
06-03-2005, 11:56 AM
|
|||
|
|||
What is the best way to secure mount point?
We have three Linux and one FreeBSD server for hosting customer's domains. On all systems, we have separate partition called /dev/device mounted on /wwwdata (example /wwwdata/mydomain.com is webroot for virtual host and ftp account)
I would like to know how to secure this mount point, as I have noticed some users can create dangerous stuff in /tmp (especially those with shell account) using perl or even compiled and what not causing security risk; though I have uninstalled gcc so that they cannot install and compile anything downloaded from net.. I am trying to find answer via google but no luck so far... I need gcc as we have custom compiled postfix, apache and other stuff as per our needs
__________________
There's no place like 127.0.0.1 
|
| Sponsored Links | ||
|
|
|
06-04-2005, 12:40 AM
|
||||
|
||||
|
To Secure mount point
Use mount options to help prevent intruders or your own users from executing program For example /tmp cannot be used to execute program add -o nodev,noexec,nosuid /tmp or /wwwdata mount point in /etc/fstab # mount -o nodev,noexec,nosuid /dev/sda2 /wwwdata # mount -o nodev,noexec,nosuid /dev/hda3 /tmp Above flags to mount, commands are available on both Linux (ext2/3) and FreeBSD file systems. Secure ftp login using chroot feature, since you have not mentioned your ftp server I can't give exact info on this... however all modern ftp server has this feature so user ftp in they can't move to /tmp or something else... Hope this helps
|
 |
| Bookmarks |
«
Is Linux kernel is monolithic or modular kernel?
|
How to find different type of words (pattern matching) in vi
»
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) |
|
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Mount iso image | saurabh_jsh | Linux hardware | 1 | 04-29-2008 03:52 PM |
| secure smtp and secure POP | shaun_s | Mail Servers | 0 | 12-11-2007 07:56 PM |
| mount -o loop .... | PeterGib | Linux software | 3 | 08-17-2007 07:03 AM |
| Why are ulimit values not being set properly upon SSH (Secure Shell) login? | jerry | Networking, Firewalls and Security | 0 | 06-15-2007 11:58 PM |
| Secure vsftpd FTP permissions on anonymous user uploads | nixcraft | Getting started tutorials | 6 | 12-20-2006 03:00 AM |
All times are GMT +5.5. The time now is 10:42 PM.
