Secure /etc/fstab configuration

[Keessince1988]

Hi,


I would like to have some comments on my /etc/fstab configuration. I want to have usability and security. Did I succeed?

Code:

proc            /proc           proc    defaults        0       0
# / was on /dev/sda5 during installation
UUID=95d6beab-48c9-4a5f-9da5-a776296c8442 /               ext4    errors=remount-ro 0       1
# /boot was on /dev/sda3 during installation
UUID=0c5fb7a2-b3f2-4029-aee4-5f310fad043c /boot           ext2    nodev,nosuid,nouser,auto    0       2
# /home was on /dev/sda11 during installation
UUID=804b4fd1-469c-44bb-bba2-b72c21940c38 /home           ext4    relatime,nodev,nosuid,rw,nouser,auto 0       2
# /tmp was on /dev/sda9 during installation
UUID=3d4248e0-9e9b-4c1e-b983-09c508a51599 /tmp            ext2    nodev,nosuid,nouser,noexec,auto,rw    0       2
# /usr was on /dev/sda6 during installation
UUID=94682ca1-a410-4703-9433-53ae9fe824c9 /usr            ext4    relatime,nodev,rw,nouser,auto 0       2
# /usr/local was on /dev/sda7 during installation
UUID=5f056aab-5cce-4df6-906b-5cae6d95e80b /usr/local      ext4    relatime,nodev,rw,nouser,auto 0       2
# /var was on /dev/sda8 during installation
UUID=c9bfd6be-3bfa-4035-95e2-3c89b782797d /var            ext4    nodev,nouser,auto,rw,noexec           0       2
# swap was on /dev/sda10 during installation
UUID=8cc2d91b-bad8-4909-9218-1999b388a16b none            swap    sw              0       0

# MyBook
UUID=03a0a07a-0f3a-4ada-98a6-d0051308a610 /media/MyBook    ext4    auto,rw,noexec,sync,relatime,dev,user,nosuid  0       2
# Windows
UUID=EC8C8B618C8B2564 /media/Windows                      ntfs    auto,rw,noexec,sync,relatime,dev,user,nosuid  0       2

[Keessince1988]

A slight improvement after some error reports.

Code:

# / was on /dev/sda5 during installation
UUID=95d6beab-48c9-4a5f-9da5-a776296c8442 /               ext4    errors=remount-ro 0       1
# /boot was on /dev/sda3 during installation
UUID=0c5fb7a2-b3f2-4029-aee4-5f310fad043c /boot           ext2    rw,relatime,nodev,nouser,nosuid,async,auto    0       2
# /home was on /dev/sda11 during installation
UUID=804b4fd1-469c-44bb-bba2-b72c21940c38 /home           ext4    rw,relatime,nodev,nouser,async,auto 0       2
# /tmp was on /dev/sda9 during installation
UUID=3d4248e0-9e9b-4c1e-b983-09c508a51599 /tmp            ext2    rw,relatime,nodev,nouser,nosuid,async,auto   0       2
# /usr was on /dev/sda6 during installation
UUID=94682ca1-a410-4703-9433-53ae9fe824c9 /usr            ext4    rw,relatime,nodev,nouser,async,auto 0       2
# /usr/local was on /dev/sda7 during installation
UUID=5f056aab-5cce-4df6-906b-5cae6d95e80b /usr/local      ext4    rw,relatime,nodev,nouser,async,auto 0       2
# /var was on /dev/sda8 during installation
UUID=c9bfd6be-3bfa-4035-95e2-3c89b782797d /var            ext4    rw,relatime,nodev,nouser,nosuid,async,auto          0       2
# swap was on /dev/sda10 during installation
UUID=8cc2d91b-bad8-4909-9218-1999b388a16b none            swap    sw              0       0
# MyBook 
UUID=03a0a07a-0f3a-4ada-98a6-d0051308a610 /media/MyBook   ext4    rw,noexec,relatime,dev,nouser,nosuid,async,auto     0      2
# Windows
UUID=EC8C8B618C8B2564 /media/Windows                      ntfs    rw,noexec,relatime,dev,nouser,nosuid,async,auto     0      2

[Manko10]

It's completely up to you how you manage your fstab. Only note that you should give user mount rights only to disks where it is necessary.
I personally prefer not to use UUIDs. Either I use the raw device file name (which might lead to some inconsistencies if the plug order of the disks changes) or to use labels. That's much clearer than UUIDs and you can distinguish your disks much easier.

[Keessince1988]

It's completely up to you how you manage your fstab. Only note that you should give user mount rights only to disks where it is necessary.
I personally prefer not to use UUIDs. Either I use the raw device file name (which might lead to some inconsistencies if the plug order of the disks changes) or to use labels. That's much clearer than UUIDs and you can distinguish your disks much easier.

With my MyBook it's different, one day it's in /dev/sdf1 the other days it's sdg1, sdh1 or sdb1... The UUID works everytime

[Manko10]

That's what I meant with inconsistencies. But for this I'd prefer labels over UUIDs since they're human readable, UUIDs are not.

[Rubberman]

I prefer labels as well over uuid's. It allows you to replace you hard drives and file systems, or make a bit-image backup that will work with a different drive. Use of UUID's will make that difficult since the UUID changes with the hardware.

[Manko10]

You can set the UUIDs for your partitions manually with tune2fs -U <uuid> but they still have to consist of hypen-separated hex digits, not a convenient and easy to read name.

[Keessince1988]

You can set the UUIDs for your partitions manually with tune2fs -U <uuid> but they still have to consist of hypen-separated hex digits, not a convenient and easy to read name.

Does nobody else have some tips or tricks?

[Manko10]

Which tips do you expect?
As I wrote: I'd rather use labels but of course it's your descision. My second tip was to give only those partitions user mount rights which need them.

[Keessince1988]

Which tips do you expect?
As I wrote: I'd rather use labels but of course it's your descision. My second tip was to give only those partitions user mount rights which need them.

Well mounting my MyBook is only possible with the UUID's, the dev's don't work as I said
Mouting them with fstab is a must because there is a bug in Debian Testing KDE, mounting must be done manually. I also run crontabs to backup my data to my MyBook so I need it to mount at bootup.

I was more like expecting comments on how to secure /tmp for example, to use noexec was something I read, but with updates it's not very practicable. Things like that, permissions on the separate partitions, with different roles on Linux. Not too much and not too few restrictions.