Results 1 to 2 of 2

Thread: What is the best way to secure mount point?

  1. #1
    Senior Member chiku's Avatar
    Join Date
    Feb 2005
    Posts
    103
    Thanks
    11
    Thanked 5 Times in 4 Posts
    Rep Power
    10

    Default What is the best way to secure mount point?

    We have three Linux and one FreeBSD server for hosting customer's domains. On all systems, we have separate partition called /dev/device mounted on /wwwdata (example /wwwdata/mydomain.com is webroot for virtual host and ftp account)

    I would like to know how to secure this mount point, as I have noticed some users can create dangerous stuff in /tmp (especially those with shell account) using perl or even compiled and what not causing security risk; though I have uninstalled gcc so that they cannot install and compile anything downloaded from net.. I am trying to find answer via google but no luck so far... I need gcc as we have custom compiled postfix, apache and other stuff as per our needs
    There's no place like 127.0.0.1

  2. #2
    Senior Member monk's Avatar
    Join Date
    Jan 2005
    Location
    Tibet
    Posts
    643
    Thanks
    5
    Thanked 43 Times in 38 Posts
    Rep Power
    15

    Default

    To Secure mount point

    Use mount options to help prevent intruders or your own users from executing program
    For example /tmp cannot be used to execute program add -o nodev,noexec,nosuid /tmp or /wwwdata mount point in /etc/fstab
    # mount -o nodev,noexec,nosuid /dev/sda2 /wwwdata
    # mount -o nodev,noexec,nosuid /dev/hda3 /tmp

    Above flags to mount, commands are available on both Linux (ext2/3) and FreeBSD file systems.

    Secure ftp login using chroot feature, since you have not mentioned your ftp server I can't give exact info on this... however all modern ftp server has this feature so user ftp in they can't move to /tmp or something else...

    Hope this helps

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Mount iso image
    By saurabh_jsh in forum Linux hardware
    Replies: 1
    Last Post: 29th April 2008, 03:52 PM
  2. secure smtp and secure POP
    By shaun_s in forum Mail Servers
    Replies: 0
    Last Post: 11th December 2007, 07:56 PM
  3. mount -o loop ....
    By PeterGib in forum Linux software
    Replies: 3
    Last Post: 17th August 2007, 07:03 AM
  4. Why are ulimit values not being set properly upon SSH (Secure Shell) login?
    By jerry in forum Networking, Firewalls and Security
    Replies: 0
    Last Post: 15th June 2007, 11:58 PM
  5. Secure vsftpd FTP permissions on anonymous user uploads
    By nixcraft in forum Getting started tutorials
    Replies: 6
    Last Post: 20th December 2006, 03:00 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •