5

I plan to use this line in /etc/fstab on an Ubuntu 14.04 server running LAMP:

/run/shm/tmp  tmpfs   nosuid,nodev,noexec,size=8G   0  0

My question is, does anyone know if I will create problems by mounting /tmp with nosuid and noexec?


Edited Jan-31-2015: The answer referred to above in "Best way to mount /tmp in fstab?" does not answer my question about what problems might occur if I mount /tmp with nosuid and noexec. It simply mentions that it's not necessary to do so, and that something "might" break if I use those options.

The answer below, by aFoP and muru, does answer my question by enumerating what will fail, and how to work around the problem.

Thanks aFoP and muru!

LiveWireBT
  • 29,597
dwarfplanet9
  • 51
  • 1
  • 5

1 Answer

7

I use the entry tmpfs /tmp tmpfs defaults,noexec,nosuid 0 0 in my fstab.

Two problems can occur: during apt-get upgrade the updates cannot be installed. I solved the problem by creating a file /etc/apt/apt.conf with the following lines in it:

DPkg::Pre-Invoke {"mount -o remount,exec /tmp";};
DPkg::Post-Invoke {"mount -o remount,defaults,noexec,nosuid /tmp";};

This way apt will remount /tmp with exec temporarily, to be able to execute the updates.

Another issue I realised was that when I needed to manually run update-initramfs -u, it didn't run until I remounted /tmp with exec again:

mount -o remount,exec /tmp

When it finished, I remounted the default setting again...

mount -o remount,defaults,noexec,nosuid /tmp
muru
  • 207,228
aFoP
  • 336
  • 1
  • 5
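
The manual remount, run, restore sequence from the answer above can be wrapped so that /tmp goes back to noexec,nosuid even when the command fails. This is an added example, not part of the original answer; the names `with_exec_tmp`, `mount_opts`, `has_opt`, `MOUNT` and `MOUNTS_FILE` are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: run one command with /tmp temporarily remounted exec,
# then restore the hardened options whether or not the command succeeded.

MOUNT=${MOUNT:-mount}                     # assumption: overridable for dry runs
MOUNTS_FILE=${MOUNTS_FILE:-/proc/mounts}  # assumption: overridable for testing
HARDENED_OPTS="defaults,noexec,nosuid"    # options from the answer's fstab entry

# Print the option string of the last mount stacked on the given mount point.
mount_opts() {
    awk -v mp="$1" '$2 == mp { o = $4 }
        END { if (o != "") print o; else exit 1 }' "$MOUNTS_FILE"
}

# Succeed if the flag is one of the comma-separated options of the mount point.
has_opt() {
    opts=$(mount_opts "$1") || return 2
    case ",$opts," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: with_exec_tmp update-initramfs -u
with_exec_tmp() {
    # If /tmp is not currently noexec, there is nothing to lift or restore.
    if ! has_opt /tmp noexec; then
        "$@"
        return $?
    fi
    $MOUNT -o remount,exec /tmp || return 1
    rc=0
    "$@" || rc=$?
    # Restore before returning; a failed restore is reported, not ignored.
    if ! $MOUNT -o "remount,$HARDENED_OPTS" /tmp; then
        echo "WARNING: /tmp is still mounted exec" >&2
        return 1
    fi
    return "$rc"
}

# When invoked with arguments, treat them as the command to wrap.
[ "$#" -eq 0 ] || with_exec_tmp "$@"
```

Run it as root, for example `sh with_exec_tmp.sh update-initramfs -u`; afterwards `has_opt /tmp noexec` confirms the hardened state is back.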