Mr happy 01-25-2003 03:53 AM

Newbie question - /tmp /var/tmp

I am using rhat 8 and was wondering why it is necessary to have world writable and executable permissions anywhere.

- on my distro I have found /tmp and /var/tmp that fit this description.

Is it safe (will things start to break? :D ) or advised for these to be non executable?



markus1982 01-25-2003 04:34 AM

If you've split up these 2 trees into 2 partitions like it's suggested from a security point of view you can change the mount flags to defaults,rw,nodev,noexec,nosuid ... this prevents a couple of attack methods! So as an example for /etc/fstab:

LABEL=/tmp        /tmp        ext2        defaults,rw,nodev,noexec,nosuid                1 2
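
Added example (not part of the original thread): a small shell check that reads fstab-format text and reports which of the nodev, noexec and nosuid flags from the post above are missing on /tmp and /var/tmp. The function names and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit fstab-format text for the mount flags suggested above.
REQUIRED_OPTS="nodev noexec nosuid"

# Constructed sample in /etc/fstab format (not taken from a real system).
SAMPLE_FSTAB='# device        mountpoint  type  options                          dump pass
LABEL=/         /           ext3  defaults                         1 1
LABEL=/tmp      /tmp        ext2  defaults,rw,nodev,noexec,nosuid  1 2
LABEL=/var/tmp  /var/tmp    ext2  defaults,nosuid                  1 2'

# missing_opts MOUNTPOINT: reads fstab-format text on stdin and prints the
# required options that the entry lacks, space separated. Prints "unlisted"
# when the mount point has no entry of its own, i.e. it is only a directory
# on another filesystem and cannot carry separate mount flags.
missing_opts() {
    awk -v mp="$1" -v req="$REQUIRED_OPTS" '
        /^[ \t]*#/ || NF < 4 { next }          # skip comments and short lines
        $2 == mp {
            found = 1
            n = split($4, have, ",")           # options field of this entry
            m = split(req, want, " ")
            out = ""
            for (i = 1; i <= m; i++) {
                ok = 0
                for (j = 1; j <= n; j++) if (have[j] == want[i]) ok = 1
                if (!ok) out = out (out == "" ? "" : " ") want[i]
            }
            print out
            exit
        }
        END { if (!found) print "unlisted" }
    '
}

# audit FSTAB_TEXT: checks both temp directories, returns 1 if either is weak.
audit() {
    status=0
    for mp in /tmp /var/tmp; do
        miss=$(printf '%s\n' "$1" | missing_opts "$mp")
        if [ -z "$miss" ]; then
            echo "OK    $mp"
        else
            echo "WEAK  $mp: $miss"
            status=1
        fi
    done
    return $status
}

audit "$SAMPLE_FSTAB" || true   # on a real box: audit "$(cat /etc/fstab)"
```

Because /proc/mounts uses the same field layout, `missing_opts /tmp < /proc/mounts` checks the options currently in effect rather than the ones configured for the next boot.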

Mr happy 01-27-2003 07:48 AM

Thanks will do.

Basically I am experimenting at the moment - trying to set up so some users can't create then execute files. Good to know that in most cases you don't really need exec permission on /tmp.

Probably better on a new thread but is there any recommended reading material for locking down a workstation from a logged-in user's viewpoint? Choice of shell? Mounting option for home directories. Disabling remote access. That sort of thing.

I am pretty new to this but getting the hang of the basic stuff.


markus1982 01-27-2003 02:03 PM

There is a lot of information regarding that around. There are excellent ones for example for Debian GNU/Linux ... I admit I like the Securing Debian Manual.

For RedHat there is a guide at ... the current version can be ordered ... I would suggest something like that. It covers a lot of different aspects.

Just use your favourite search engine - mine is Google - and look for something like "locking down linux box"

