You are not logged in.
- Topics: Active | Unanswered
#1 2023-09-29 20:55:16
- mMDAm
- Member
- Registered: 2022-09-14
- Posts: 8
[SOLVED]Different mount options for different folders in one partition
I'm looking to improve the security of my install, and I've been going through the recommendations at https://wiki.archlinux.org/title/Security to see which ones make sense for me. The mount options section recommends using the nodev, nosuid and noexec options on a few directories, however I have my entire install one one partition (except the efi). Based on the example to give just Steam the exec option, can I simply add a line after my / mount for the other directories, e.g.
/home /home none defaults,lazytime,nodev,nosuid,noexec 0 2? And say I want to keep exec permissions for a bin dir in home, would I add another line like
/home/myuser/bin /home/myuser/bin none defaults,lazytime,nodev,nosuid 0 2?
Last edited by mMDAm (2023-09-30 19:19:47)
Offline
#2 2023-09-30 07:20:07
- seth
- Member
- From: Won't reply 2 private help req
- Registered: 2012-09-03
- Posts: 76,086
Re: [SOLVED]Different mount options for different folders in one partition
No.
Well, almost.
Did you try?
You can use bind mounts to mount an existing directory somewhere else and change the mount options on the fly
https://man.archlinux.org/man/mount.8#B … _operation
This can be leveraged to remount a directory into itself and strip the noexec flag
https://unix.stackexchange.com/question … out-noexec
Unlike the 2013 thread suggests, you don't need a script for that, but I'd be surprised if the bind option was simply implied?
/home /home none bind,defaults,lazytime,nodev,nosuid,noexec
/home/myuser/bin /home/myuser/bin none bind,defaults,lazytime,nodev,nosuid,exec(Not sure whether the explicit "exec" is required but it won't hurt)
Online
#3 2023-09-30 18:05:35
- mMDAm
- Member
- Registered: 2022-09-14
- Posts: 8
Re: [SOLVED]Different mount options for different folders in one partition
I hadn't tried it, but that worked, thanks! I had just missed that extra "bind" option in the wiki. I also added the "user" option for exceptions in my home folder
Offline
#4 2023-09-30 18:18:07
- seth
- Member
- From: Won't reply 2 private help req
- Registered: 2012-09-03
- Posts: 76,086
Re: [SOLVED]Different mount options for different folders in one partition
\o/
Please always remember to mark resolved threads by editing your initial posts subject - so others will know that there's no task left, but maybe a solution to find.
Thanks.
Online