13 Aug
2000
13 Aug
'00
19:48
Hello all, I am setting up a server where users will have shell access (ssh). I want to prevent anyone from uploading and running their own binaries. The idea is simply to make sure that all partitions where users have write access will be mounted with the noexec flag. My only problem is /tmp (which is also a separate partition), where the users will have write access since they have a shell. Is it safe to mount /tmp with noexec too? Or will it break any programs - if so which? The server runs lots of stuff; apache/php, samba, cvs, qmail + courier-imap + fetchmail + procmail for mail system, named, dhcp, sshd, (i may have forgotten some). Any experience and comments are welcome Thanks, Simon