question regarding noexec,nodev at /tmp
hi,
So, if I am going to use apt-get to run installs, then how do I use noexec,nodev on /tmp? It seems that /tmp is used for configuring packages. Should I be looking into ACL/MAC set-up instead? Thanks
See the "/etc/apt/apt.conf" ("/etc/apt/apt.conf.d/70debconf"?) part of http://www.debian-administration.org...non-executable or use a different directory (a /dev/shm?) for scripts?
unspawn,
In your opinion, is setting the noexec bit even worth it? I noticed that it can be worked around in a snap.
just wanted to add this:
In Ubuntu systems, while /etc/apt.conf is listed on their site as the conf file, you actually get a directory of "part" files. At least for me with x64 (see below). Code:
ls /etc/apt/apt.conf.d/ && cat /etc/apt/apt.conf.d/70debconf
Cool! So I guess I will need to look into totally replacing temp with /dev/shm? Will do a little googling and see what I find.
As before, Thanks!
Adding 'tmpfs /dev/shm tmpfs size=128m,mode=1777 0 0' to /etc/fstab should get tmpfs mounted. Then exporting TMP=/dev/shm in init scripts (and say /etc/profile.d/tempdirs.sh) should cover most except subsystems and tools for which you have to configure it manually. There may remain a few that want to use other temp dirs like /var/tmp though ('lsof -Pwln|grep /tmp').
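A check to go with the fstab line above, added here as an example and not part of the original post: it reads a mount table in /proc/mounts format and reports whether /tmp, /var/tmp and /dev/shm carry noexec and nodev. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which of noexec,nodev are missing on temp directories.
# Input is a file in /proc/mounts format: device mountpoint fstype options ...
WANTED="noexec nodev"

# missing_opts MOUNTS_FILE MOUNTPOINT
# Prints "ok", "missing:<opt,opt>" or "not-a-mountpoint".
missing_opts() {
    # The last matching line wins: a later mount on the same path hides earlier ones.
    opts=$(awk -v mp="$2" '$2 == mp { o = $4 } END { print o }' "$1")
    if [ -z "$opts" ]; then
        # No own mount: the directory inherits its parent filesystem's options.
        echo "not-a-mountpoint"
        return 0
    fi
    missing=""
    for want in $WANTED; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing,}$want" ;;
        esac
    done
    if [ -n "$missing" ]; then echo "missing:$missing"; else echo "ok"; fi
}

# audit_tmp MOUNTS_FILE: one result line per temp directory named in the thread.
audit_tmp() {
    for dir in /tmp /var/tmp /dev/shm; do
        printf '%s %s\n' "$dir" "$(missing_opts "$1" "$dir")"
    done
}

# Constructed sample (not from a real host): /tmp hardened, /dev/shm mounted
# with only size=128m as in the fstab line above, /var/tmp left on the root fs.
write_sample() {
    cat > "$1" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,size=524288k 0 0
tmpfs /dev/shm tmpfs rw,relatime,size=131072k 0 0
EOF
}

# Audit the live system when its mount table is readable.
if [ -r /proc/mounts ]; then
    audit_tmp /proc/mounts
fi
```

A "not-a-mountpoint" result for /var/tmp means noexec on /tmp alone leaves a world-writable directory where files can still be executed.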
So just to make sure I got this right (excuse any typing errors... wearing a brace).
1. tmpfs: truly temp in that during reboot it gets "re-created"?
2. /dev/shm: do I need a physical partition for it or does it reside somewhere else (it may sound stupid... I need to know though)?
3. Should I not add noexec to Code:
tmpfs /dev/shm tmpfs size=128m,mode=1777 0 0
4. 128m does not seem very large, is it?
5. This is a desktop, so are the things you're telling me about going to restrict its local users as well (that would be me 8))?
As before, THANKS!
thanks. That was very well explained. I appreciate your help.