Learning from Archwiki about fstab, is it correct to assume that for example, stating 'nosuid' and 'noexec' after 'defaults' will override its (defaults's) values?
I'm experimenting a little with fstab and partitions; for example, /tmp and /var are set as 'defaults,noexec,nosuid', and /usr and /boot have 'ro' in addition to 'defaults'.
/home is set as 'defaults,nosuid'. (Apparently, 'noexec' in /home isn't feasible: nautilus started to give off weird errors and I couldn't log in properly.)
I was also tempted to have 'ro' in / but on another machine, 'ro'-ing / gave me problems during boot with /dev complaining.
Don't know how much it'll do to improve overall security but I think it might be a good approach of deploying a layered defence mechanism.
Last edited by new2arch (2008-08-07 19:14:02)
This may help: http://www.gentoo.org/doc/en/security/s … t=1&chap=4
Oh and mounting the whole root directory as read-only is a bad idea! Also, having noexec in your home directory would stop you from running videos or music files you have there.
edit: to answer your main question, you don't need to specify 'defaults' if you have other options there. This would be perfectly valid, and any values you don't specify would automatically take default values:
/dev/sda1 /home ext3 nodev,nosuid,noatime 0 1
Last edited by dyscoria (2008-08-07 19:24:26)
Hi dyscoria, thanks for the explanation and link.
I was under the impression that mounting / as 'ro' could mitigate certain attacks and other problems, as seen here:
http://en.opensuse.org/How-To_Make_the_ … _read-only
But it's obviously not an easy "patch" to apply - it takes a lot of preparation to achieve success.
I recall mounting / as 'ro' on my old Fedora box, following openSUSE's how-to step by step, and it failed tremendously.
I think I got it right now. So what if one didn't specifically state 'defaults' and no other values either for a partition? Would fstab still apply 'default' values?
Last edited by new2arch (2008-08-07 19:44:19)
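The option strings discussed in this thread, resolved to their effective suid/dev/exec state. This is an added example, not code from any poster: it assumes the 'defaults' expansion documented in mount(8) (rw, suid, dev, exec, ...), that a later option overrides an earlier one, and device names other than /dev/sda1 are made up.

```python
# Added example. Only the four security-relevant flag pairs are tracked;
# other options (noatime, auto, async, ...) are ignored.
PAIRS = {
    "rw": ("rw", True), "ro": ("rw", False),
    "suid": ("suid", True), "nosuid": ("suid", False),
    "dev": ("dev", True), "nodev": ("dev", False),
    "exec": ("exec", True), "noexec": ("exec", False),
}

# Constructed sample: option strings from the thread, devices are placeholders.
SAMPLE_FSTAB = """\
# <device>  <dir>  <type>  <options>              <dump> <pass>
/dev/sdX2   /tmp   ext3    defaults,noexec,nosuid  0 2
/dev/sdX3   /usr   ext3    defaults,ro             0 2
/dev/sda1   /home  ext3    nodev,nosuid,noatime    0 1
"""

def effective(options):
    """Resolve a comma-separated fstab options field, left to right."""
    # Start from the documented defaults; 'defaults' itself then changes
    # nothing (assumption: it is a placeholder, as in the thread's examples
    # where it always comes first).
    state = {"rw": True, "suid": True, "dev": True, "exec": True}
    for opt in options.split(","):
        if opt in PAIRS:
            flag, value = PAIRS[opt]
            state[flag] = value  # last occurrence wins
    return state

def still_permitted(fstab_text):
    """Map each mount point to the risky permissions left enabled."""
    result = {}
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue  # blank line, comment, or malformed entry
        state = effective(fields[3])
        result[fields[1]] = sorted(
            f for f in ("suid", "dev", "exec") if state[f])
    return result

if __name__ == "__main__":
    for mount_point, flags in still_permitted(SAMPLE_FSTAB).items():
        print(f"{mount_point}: still allows {', '.join(flags) or 'nothing'}")
```

To compare against what the kernel actually applied, check the options column for each mount point in /proc/mounts.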