How to secure the /tmp and /var/tmp partitions on a VPS?
On a VPS, there are two ways to mount or secure the /tmp and /var/tmp partitions with the noexec,nosuid options.
1) The first way is to mount these partitions from the Node the VPS resides on:
# vzctl set VEID --bindmount_add /tmp,noexec,nosuid,nodev --save
# vzctl set VEID --bindmount_add /var/tmp,noexec,nosuid,nodev --save
The “bindmount_add” option is used to mount the partition inside the VPS. The ‘VEID’ is the ID of the VPS you are working on.
2) The second option is to mount these partitions from within the VPS itself. It is useful in case you don’t have access to the Node server. To mount /tmp and /var/tmp from within the VPS, execute:
# mount -t tmpfs -o noexec,nosuid,nodev tmpfs /tmp
# mount -t tmpfs -o noexec,nosuid,nodev tmpfs /var/tmp
To check the mounted ‘tmp’ partitions, execute:
root@server [~]# mount | grep tmp
tmpfs on /tmp type tmpfs (rw,noexec,nosuid)
tmpfs on /var/tmp type tmpfs (rw,noexec,nosuid,nodev)
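The check above can be scripted. The following is an added example, not part of the original page: it reads `mount` output, takes the last entry for each path (the mount in effect) and lists which of noexec, nosuid and nodev are missing. The function names are illustrative, and the sample lines are the output shown above, in which /tmp lacks nodev.

```shell
#!/bin/sh
# Added example (not from the original page): audit `mount` output for the
# options the page applies. Function names are illustrative assumptions.
REQUIRED="noexec nosuid nodev"

# missing_opts MOUNTPOINT: read `mount` lines on stdin; print the required
# options absent from the LAST entry for MOUNTPOINT (the mount in effect),
# or "unmounted" when the path has no mount entry of its own.
missing_opts() {
    awk -v mp="$1" -v req="$REQUIRED" '
        $2 == "on" && $3 == mp {
            opts = $NF                    # e.g. "(rw,noexec,nosuid)"
            gsub(/[()]/, "", opts)
            found = 1
        }
        END {
            if (!found) { print "unmounted"; exit }
            split(opts, o, ",")
            for (i in o) have[o[i]] = 1
            n = split(req, r, " ")
            out = ""
            for (i = 1; i <= n; i++)
                if (!(r[i] in have)) out = out (out ? "," : "") r[i]
            print out
        }'
}

# audit_tmp_mounts: read `mount` output on stdin, report /tmp and /var/tmp,
# and return 1 if either one is missing a required option.
audit_tmp_mounts() {
    input=$(cat)
    rc=0
    for mp in /tmp /var/tmp; do
        miss=$(printf '%s\n' "$input" | missing_opts "$mp")
        if [ -z "$miss" ]; then
            echo "OK   $mp"
        else
            echo "FAIL $mp missing: $miss"
            rc=1
        fi
    done
    return $rc
}

# Sample input: the two lines of output shown on this page.
SAMPLE='tmpfs on /tmp type tmpfs (rw,noexec,nosuid)
tmpfs on /var/tmp type tmpfs (rw,noexec,nosuid,nodev)'

printf '%s\n' "$SAMPLE" | audit_tmp_mounts || true
```

On a live system, run `mount | audit_tmp_mounts` after sourcing the functions; a non-zero exit status means at least one of the two directories needs remounting.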