/tmp and /var/tmp Server Check Warning

wisperz
Junior Member
Posts: 1
Joined: 15 Nov 2007, 12:45

Post by wisperz »

Hi,

I was just installing config server and trying to comply with all its setting suggestions.
All of the checks are green except for:

/tmp should be mounted as a separate filesystem. Consider using /scripts/securetmp

and

/var/tmp isn't mounted with the noexec,nosuid options (currently: none). You should consider adding a mountpoint into /etc/fstab for /var/tmp with those options.

I'm running a Virtuozzo VPS server with WHM/CPanel.
I have tried to update /etc/fstab by adding the noexec,nosuid options to the /tmp and /var/tmp lines, but no luck. The warnings are still there.

I have mentioned this to the host support and, according to them, Virtuozzo treats the mount differently, not using the fstab or /etc/sysconfig/vz.

I wonder if this is a CSF bug or a VPS mis-setup.

I just know that I don't have access to the "vzup2date" utility, so I can't even tell whether Virtuozzo is v3 SP1 or not.

I also want to know whether it is true that all Virtuozzo VPS users don't have access to vzup2date.

Any advice on this matter would be much appreciated.
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

You can't do it on a client VPS, that is something your VPS Host has to do for you.
tomfra
Junior Member
Posts: 16
Joined: 29 Dec 2006, 12:16

Post by tomfra »

chirpy wrote: You can't do it on a client VPS, that is something your VPS Host has to do for you.
Not really. Look at http://forum.lxlabs.com/index.php?t=msg ... #msg_13586 , I posted a solution there. Although on a VPS server you indeed can't mount new partitions, securing /tmp via bind mount will still work.

I've heard you need kernel 2.6.16+ for this trick but that shouldn't be a problem for most people I guess.

Tomas
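
A way to verify the mount state that the two Server Check warnings above refer to, as an added example that is not part of the original thread and not csf's own code: it reads a mount table in /proc/mounts format on stdin and reports whether a path is its own mountpoint and carries noexec and nosuid. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# check_mount_opts MOUNTPOINT   (mount table in /proc/mounts format on stdin)
# Prints "ok", "not-mounted" or "missing:<options>"; returns 0 only for "ok".
check_mount_opts() {
    target=$1
    # Fields: device mountpoint fstype options dump pass.
    # A later mount on the same path shadows earlier ones, so keep the last match.
    opts=$(awk -v t="$target" '$2 == t { o = $4 } END { print o }')
    if [ -z "$opts" ]; then
        echo "not-mounted"      # path is just a directory on another filesystem
        return 1
    fi
    missing=""
    for want in noexec nosuid; do
        case ",$opts," in
            *",$want,"*) ;;     # option present
            *) missing="${missing:+$missing,}$want" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok"
}

# Constructed sample table (device and filesystem names are made up):
# /tmp is a hardened mountpoint, /var/tmp has no entry, /home lacks noexec.
sample_mounts() {
cat <<'EOF'
/dev/simfs / simfs rw,relatime 0 0
/dev/simfs /tmp simfs rw,nosuid,noexec,relatime 0 0
/dev/simfs /home simfs rw,nosuid,relatime 0 0
EOF
}

# Demo on the sample table.
for mp in /tmp /var/tmp; do
    printf '%s: ' "$mp"
    sample_mounts | check_mount_opts "$mp" || true
done
```

On a live system, feed it the real table: `check_mount_opts /var/tmp < /proc/mounts`.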
persianwhois
Junior Member
Posts: 39
Joined: 11 May 2008, 14:07

Post by persianwhois »

chirpy wrote: You can't do it on a client VPS, that is something your VPS Host has to do for you.
How can I resolve the /tmp warning on dedicated servers?