Mount /tmp partition with noexec,nosuid options, and the /home partition with nosuid

jonium

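Hello,
I'm installing DirectAdmin on AlmaLinux and want /tmp mounted with noexec,nosuid and /home mounted with nosuid.
As the output below shows, /tmp is not a separate partition (it is part of /), and /home is mounted with the default options plus quotas.
What's the best configuration in this case, and how should I proceed?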

Code:
[root@Alma-85-amd64-base ~]# df -h
Filesystem      Size  Used Avail Use% Mounted on
devtmpfs         32G     0   32G   0% /dev
tmpfs            32G     0   32G   0% /dev/shm
tmpfs            32G  636K   32G   1% /run
tmpfs            32G     0   32G   0% /sys/fs/cgroup
/dev/md2        2.0T  1.8G  1.9T   1% /
/dev/md1        989M  198M  740M  22% /boot
/dev/md3        3.5T  220K  3.3T   1% /home
tmpfs           6.3G     0  6.3G   0% /run/user/0

[root@Alma-85-amd64-base ~]# mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime,seclabel)
proc on /proc type proc (rw,relatime)
devtmpfs on /dev type devtmpfs (rw,nosuid,seclabel,size=32773884k,nr_inodes=8193471,mode=755)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,seclabel)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,seclabel,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,seclabel,mode=755)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,seclabel,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime,seclabel)
bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,blkio)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,devices)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,pids)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,net_cls,net_prio)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,cpu,cpuacct)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,memory)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,hugetlb)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,perf_event)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,cpuset)
cgroup on /sys/fs/cgroup/rdma type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,rdma)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,freezer)
none on /sys/kernel/tracing type tracefs (rw,relatime,seclabel)
configfs on /sys/kernel/config type configfs (rw,relatime)
/dev/md2 on / type ext4 (rw,relatime,seclabel,quota,usrquota,grpquota)
selinuxfs on /sys/fs/selinux type selinuxfs (rw,relatime)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=40,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=17347)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,seclabel,pagesize=2M)
debugfs on /sys/kernel/debug type debugfs (rw,relatime,seclabel)
mqueue on /dev/mqueue type mqueue (rw,relatime,seclabel)
/dev/md1 on /boot type ext3 (rw,relatime,seclabel)
/dev/md3 on /home type ext4 (rw,relatime,seclabel,quota,usrquota,grpquota)
tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,seclabel,size=6561032k,mode=700)

[root@Alma-85-amd64-base ~]# cat /etc/fstab
proc /proc proc defaults 0 0
# /dev/md/0
UUID=31d1f046-b572-484b-a752-79447b0cfbd5 none swap sw 0 0
# /dev/md/1
UUID=943c519a-1667-4a8f-9849-3ccca8ebc1c4 /boot ext3 defaults 0 0
# /dev/md/2
UUID=534f0c17-8975-4d64-9421-61be4ac04193                       /                       ext4    defaults,usrquota,grpquota      0 0
# /dev/md/3
UUID=2f3c933a-35c0-4ef8-9306-7a648cb468e6               /home                   ext4    defaults,usrquota,grpquota      0 0
 