Image on Details... https://www.deepreflect.net/tags/image/ Recent content in Image on Details... Hugo en-US Copyright © 2003 - 2026 Leonardo Rizzi Tue, 30 Jun 2026 03:28:29 +0200 Securing "tmp" without repartition https://www.deepreflect.net/2010/01/16/securing-tmp/ Sat, 16 Jan 2010 22:57:24 +0000 http://blog.deepreflect.net/?p=786 <ol> <li>First you should secure /tmp:</li> </ol> <p>Make a 1GB file for /tmp parition and an ext3 filesystem for tmp:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span># dd if=/dev/zero of=/dev/tmpFS bs=1024 count=1000000 </span></span><span style="display:flex;"><span># /sbin/mkfs.ext3 /dev/tmpFS </span></span></code></pre></div><p>Create a backup copy of your current /tmp drive:</p> <p><code># cp -Rpf /tmp /tmpbackup</code></p> <p>Mount our new tmp parition and change permissions:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span># mount -o loop,noexec,nosuid,rw /dev/tmpFS /tmp </span></span><span style="display:flex;"><span># chmod 1777 /tmp </span></span></code></pre></div><p>Copy the old data: <code>cp -Rpf /tmpbackup/\* /tmp/</code></p> <p>If you run the mount command and you should get something like this: <code>/dev/tmpMnt on /tmp type ext3 (rw,noexec,nosuid,loop=/dev/loop0)</code></p>
  • First you should secure /tmp:

    • Make a 1GB file for /tmp parition and an ext3 filesystem for tmp:

    # dd if=/dev/zero of=/dev/tmpFS bs=1024 count=1000000
# /sbin/mkfs.ext3 /dev/tmpFS

    Create a backup copy of your current /tmp drive:

    # cp -Rpf /tmp /tmpbackup

    Mount our new tmp parition and change permissions:

    # mount -o loop,noexec,nosuid,rw /dev/tmpFS /tmp
# chmod 1777 /tmp

    Copy the old data: cp -Rpf /tmpbackup/\* /tmp/

    If you run the mount command and you should get something like this: /dev/tmpMnt on /tmp type ext3 (rw,noexec,nosuid,loop=/dev/loop0)

    Edit /etc/fstab and add this:

    /dev/tmpMnt /tmp ext3 loop,nosuid,noexec,rw 0 0

    Test your fstab entry:

    # mount -o remount /tmp

    You can test it runnig a script on /tmp partition, if you get “permission denied” it is fine :)

    1. Secure /var/tmp:

    It should be done because some applications use /var/tmp as the temporary folder, and anything that’s accessible by all, needs to be secured.

    Rename it and create a symbolic link to /tmp:

    # mv /var/tmp /var/tmp1
# ln -s /tmp /var/tmp

    Copy the old data back:

    # cp /var/tmpold/* /tmp/

    Note: you should restart and services that uses /tmp partition

    ]]>