How to secure the /tmp and /var/tmp partitions on a VPS?

On a VPS, there are two ways to mount, and so secure, the /tmp and /var/tmp partitions with the noexec,nosuid options. One way is to mount these partitions from the Node on which the VPS resides.

1) Log in to the Node server and execute the following commands:

# vzctl set VEID --bindmount_add /tmp,noexec,nosuid,nodev --save 
# vzctl set VEID --bindmount_add /var/tmp,noexec,nosuid,nodev --save

The “bindmount_add” option is used to mount the partition inside the VPS. ‘VEID’ is the ID of the VPS you are working on.

2) The second option is to mount these partitions from within the VPS itself. This is useful in case you don’t have access to the Node server. A mount made this way does not persist across a reboot of the VPS on its own. To mount /tmp and /var/tmp from within the VPS, execute:

# mount -t tmpfs -o noexec,nosuid,nodev tmpfs /tmp 
# mount -t tmpfs -o noexec,nosuid,nodev tmpfs /var/tmp

To check the mounted ‘tmp’ partitions and the options they carry, execute:

root@server [~]# mount | grep tmp 
tmpfs on /tmp type tmpfs (rw,noexec,nosuid) 
tmpfs on /var/tmp type tmpfs (rw,noexec,nosuid,nodev)
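
A scripted form of the check above, as an added example that is not part of the original page: it reads a mount table in /proc/mounts format and reports which of noexec, nosuid and nodev each of /tmp and /var/tmp lacks. The function names and the sample table are constructed for illustration; the sample mirrors the output shown above, where /tmp is listed without nodev.

```shell
#!/bin/sh
REQUIRED="noexec nosuid nodev"

# Constructed sample in /proc/mounts format, mirroring the mount output above.
sample_table() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
tmpfs /tmp tmpfs rw,nosuid,noexec 0 0
tmpfs /var/tmp tmpfs rw,nosuid,nodev,noexec 0 0
EOF
}

# missing_opts MOUNTPOINT [TABLE]
# Prints the required options absent from MOUNTPOINT (comma-separated),
# "unmounted" if it is not a mount point, or nothing if all are set.
missing_opts() {
    # The last matching line wins: a later mount shadows an earlier one.
    opts=$(awk -v mp="$1" '$2 == mp { o = $4 } END { print o }' "${2:-/proc/mounts}")
    if [ -z "$opts" ]; then echo "unmounted"; return 0; fi
    out=""
    for want in $REQUIRED; do
        case ",$opts," in
            *",$want,"*) ;;                      # option present
            *) out="${out:+$out,}$want" ;;       # option missing
        esac
    done
    if [ -n "$out" ]; then echo "$out"; fi
}

# check_tmp_mounts [TABLE]: returns 0 only if both mounts carry every option.
check_tmp_mounts() {
    rc=0
    for mp in /tmp /var/tmp; do
        miss=$(missing_opts "$mp" "${1:-/proc/mounts}")
        if [ -z "$miss" ]; then
            echo "$mp: ok"
        else
            echo "$mp: FAIL ($miss)"
            rc=1
        fi
    done
    return $rc
}

# Demo on the constructed sample; pass no argument to check the live system.
t=$(mktemp) && sample_table > "$t"
check_tmp_mounts "$t" || echo "hardening incomplete"
rm -f "$t"
```

Because the function returns non-zero when an option is missing, it can be run after each reboot or from a monitoring job to catch a mount that came back without its options.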

