LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-11-2013, 10:24 AM   #1
zethra
LQ Newbie
 
Registered: Jan 2013
Posts: 2

Rep: Reputation: Disabled
Mounting a partition with options - easy question


Hi

I am using Fedora core. I am to create a partition /data where users post some data (all have r+w permissions). Hence for security purposes I have to make it non-executable.

I understand from linux security that noexec and nosuid must both be enabled for /data during mounting. I understand noexec and have it enabled. However I dont have nosuid enabled.

Any reason why both noexec and nosuid should be enabled for /data. Doesnt having just noexec suffice - since the users would not be able to run scripts and suid does not matter.
 
Old 01-11-2013, 01:21 PM   #2
shivaa
Senior Member
 
Registered: Jul 2012
Location: Grenoble, Fr.
Distribution: Sun Solaris, RHEL, Ubuntu, Debian 6.0
Posts: 1,800
Blog Entries: 4

Rep: Reputation: 286Reputation: 286Reputation: 286
There are two things to be considered, first is data protection and second is unauthorized use of that data (i.e. execution of any other user's scripts or codes by any unauthorized users).

To avoid any unauthorized execution, you can set SUID on particular files. As far as I know noexec will even not allow the owner to execute it.

Second, for data protection, you can consider sticky bit permission on /data for better protection of this sort of data which is accessible to many different users. Sticky bit will allow only the owner of directory, owner of file or superuser to modify the content. It's quite simple and easy, as:
Code:
chmod -R a+t /data
 
Old 01-11-2013, 02:16 PM   #3
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,654

Rep: Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255Reputation: 1255
Specifically, nosuid, is used to prevent security issues with executables on a disk that may come with, or have unauthorized root priviliges. A set uid (suid) executable causes the current user identification to be replaced with the user identification of the file being executed (view with "ls -l"). A file that is set uid will be shown as "rws" (or "r-s" or even "--s" rather than "rwx" in the owner field.

Having noexec should prevent any executable from being run and protect you just as well. noexec is frequently considered too restrictive though (people will write scripts...), so having nosuid is a good idea.
 
Old 01-11-2013, 02:59 PM   #4
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 3,136

Rep: Reputation: 1349Reputation: 1349Reputation: 1349Reputation: 1349Reputation: 1349Reputation: 1349Reputation: 1349Reputation: 1349Reputation: 1349Reputation: 1349
Using "noexec" makes "nosuid" superfluous since the files can't be executed at all, but it is still advisable to use "nosuid" just to keep yourself covered on those occasions when you do need to remount the device with "exec" privileges.

Another option you should be using is "nodev", especially on external devices. Otherwise, it is trivial for someone to mount a filesystem containing block-special and/or character-special device nodes and gain direct access to your physical disk drives and even memory.
 
Old 01-16-2013, 04:42 PM   #5
zethra
LQ Newbie
 
Registered: Jan 2013
Posts: 2

Original Poster
Rep: Reputation: Disabled
Thanks everyone. It makes sense now!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
question about resize partition while mounting bbmak Linux - Software 3 07-09-2007 06:31 AM
[Easy question] Mplayer Options bookgekgom Linux - Software 3 06-15-2007 02:23 PM
Mounting DOS partition ... easy question. jrpretz Linux - Newbie 3 07-20-2003 10:34 PM
question about mounting a partition ... purpleburple Linux - General 6 12-12-2002 05:27 PM
Question about mounting a FAT32 partition Genshooter Linux - Hardware 2 08-20-2002 10:59 PM


All times are GMT -5. The time now is 06:14 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration