pascal
08-05-2004, 04:26 PM
Hi
I'd like to know if there is some constraint about creating some partitions on an interworx box.
Indeed, to secure my box, I'd like to create some partitions as show hereunder :
/swap
/boot ==> no suid, ro
/ (root) = all under as /bin , /sbin, /mnt, /dev, /usbin (created)... ==> may have no write authority (mnt with read only)
/tmp = /tmp ==> no suid/sgid; noexec
/usr = /usr + all /root that need write authority (/usr/rootw/) ie:/sbin; /var ; /opt ; .... ==> no suid/sgid
/home = /home => no suid/sgid (noexec ??);
I make a symlink /var /opt to /usr/rootw/var and /usr/rootw/opt
I copy all /usr/sbin/* in /usbin (under / (root)) to have the ability to have all /bin /sbin and /usr/sbin to mnt them with only read authority
In fact i'd like to have something like that in my /etc/fstab
/dev/hda6 swap swap defaults
/dev/hda1 / ext2 defaults
/dev/hda2 /tmp ext2 noexec
/dev/hda3 /boot ext2 nosuid,ro
/dev/hda4 /usr ext2 nosuid
/dev/hda5 /home ext2 noexec
Thank you for your help
@+++
I'd like to know if there is some constraint about creating some partitions on an interworx box.
Indeed, to secure my box, I'd like to create some partitions as show hereunder :
/swap
/boot ==> no suid, ro
/ (root) = all under as /bin , /sbin, /mnt, /dev, /usbin (created)... ==> may have no write authority (mnt with read only)
/tmp = /tmp ==> no suid/sgid; noexec
/usr = /usr + all /root that need write authority (/usr/rootw/) ie:/sbin; /var ; /opt ; .... ==> no suid/sgid
/home = /home => no suid/sgid (noexec ??);
I make a symlink /var /opt to /usr/rootw/var and /usr/rootw/opt
I copy all /usr/sbin/* in /usbin (under / (root)) to have the ability to have all /bin /sbin and /usr/sbin to mnt them with only read authority
In fact i'd like to have something like that in my /etc/fstab
/dev/hda6 swap swap defaults
/dev/hda1 / ext2 defaults
/dev/hda2 /tmp ext2 noexec
/dev/hda3 /boot ext2 nosuid,ro
/dev/hda4 /usr ext2 nosuid
/dev/hda5 /home ext2 noexec
Thank you for your help
@+++