Mount tmp partition with 'noexec' option

From HostThyself

When partitioning a disk for a new install it is recommended to create /tmp as a separate partition and mount it with the 'noexec' and 'nosuid' options.

'noexec' disables the executable file attribute within an entire filesystem, effectively preventing any files within that filesystem from being executed.

'nosuid' makes the kernel ignore the set-user-ID and set-group-ID bits on every file within the filesystem, so a SUID binary placed in /tmp cannot be used to run with another user's privileges.

If /tmp is a separate partition on the server,

  • Edit /etc/fstab and add 'noexec' and 'nosuid' options for /tmp.
  • Remount the partition.

If /tmp directory resides on / partition,

  • Create a new partition for /tmp, for example with size 512M (the dd command creates a sparse file that is then formatted as ext3):
mkdir /filesystems
dd if=/dev/zero of=/filesystems/tmp_fs seek=512 count=1 bs=1M
mkfs.ext3 /filesystems/tmp_fs
  • Add the following line to /etc/fstab (the options must be one comma-separated field with no spaces):
/filesystems/tmp_fs /tmp ext3 noexec,nosuid,loop 1 1
  • Set the permissions of /tmp (world-writable with the sticky bit):
chmod 1777 /tmp

  • Move current /tmp directory content to another location.
  • Mount new /tmp partition:
mount /tmp
  • Move content from old /tmp directory to the new one.
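As an added example (not code from the HostThyself page), a small POSIX shell script that audits an fstab-style file for the 'noexec' and 'nosuid' options on /tmp and writes a corrected copy; because /proc/mounts uses the same column layout, the same check confirms the live mount after the remount. The function names are my own, and the script assumes the options column is a single comma-separated field, as fstab requires.

```shell
#!/bin/sh
# Added example, not from the HostThyself page: audit an fstab-style file for
# noexec/nosuid on /tmp and emit a corrected copy. fstab_opts/has_opts read any
# file with the fstab column layout, so they also verify /proc/mounts.

# Print the options column (field 4) of the uncommented line whose mount point is $2.
fstab_opts() {  # fstab_opts FILE MOUNTPOINT
    awk -v mp="$2" 'NF >= 4 && $1 !~ /^#/ && $2 == mp { print $4; exit }' "$1"
}

# Succeed (exit 0) only if the mount point's options contain every option in $3...
has_opts() {  # has_opts FILE MOUNTPOINT OPTION...
    file=$1; mp=$2; shift 2
    opts=$(fstab_opts "$file" "$mp")
    [ -n "$opts" ] || return 1
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;          # present, keep checking
            *) return 1 ;;           # missing
        esac
    done
    return 0
}

# Copy the file to stdout with the options in $3... appended to the mount point's
# options column (existing options kept, nothing added twice). Only the edited
# line is re-spaced; every other line passes through untouched.
add_opts() {  # add_opts FILE MOUNTPOINT OPTION...
    file=$1; mp=$2; shift 2
    extra=$(printf '%s,' "$@"); extra=${extra%,}
    awk -v mp="$mp" -v extra="$extra" '
        NF >= 4 && $1 !~ /^#/ && $2 == mp {
            n = split(extra, want, ",")
            for (i = 1; i <= n; i++)
                if (index("," $4 ",", "," want[i] ",") == 0)
                    $4 = $4 "," want[i]
        }
        { print }' "$file"
}

# Apply to the live system (root only): keep a backup, rewrite /etc/fstab,
# remount /tmp, then confirm from /proc/mounts that the kernel honours the options.
apply_to_tmp() {
    cp /etc/fstab /etc/fstab.bak &&
    add_opts /etc/fstab.bak /tmp noexec nosuid > /etc/fstab &&
    mount -o remount /tmp &&
    has_opts /proc/mounts /tmp noexec nosuid
}
```

Run the audit first with `has_opts /etc/fstab /tmp noexec nosuid` and `has_opts /proc/mounts /tmp noexec nosuid`; only call apply_to_tmp when both fail and /tmp is a separate filesystem.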
