Find the answer to your Linux question:
Page 1 of 3 1 2 3 LastLast
Results 1 to 10 of 23
Hi, I would like to have some comments on my /etc/fstab configuration. I want to have usability and security. Did I succeed? Code: proc /proc proc defaults 0 0 # ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Aug 2010
    Location
    Amsterdam, The Netherlands
    Posts
    33

    Secure /etc/fstab configuration


    Hi,


    I would like to have some comments on my /etc/fstab configuration. I want to have usability and security. Did I succeed?


    Code:
    proc            /proc           proc    defaults        0       0
    # / was on /dev/sda5 during installation
    UUID=95d6beab-48c9-4a5f-9da5-a776296c8442 /               ext4    errors=remount-ro 0       1
    # /boot was on /dev/sda3 during installation
    UUID=0c5fb7a2-b3f2-4029-aee4-5f310fad043c /boot           ext2    nodev,nosuid,nouser,auto    0       2
    # /home was on /dev/sda11 during installation
    UUID=804b4fd1-469c-44bb-bba2-b72c21940c38 /home           ext4    relatime,nodev,nosuid,rw,nouser,auto 0       2
    # /tmp was on /dev/sda9 during installation
    UUID=3d4248e0-9e9b-4c1e-b983-09c508a51599 /tmp            ext2    nodev,nosuid,nouser,noexec,auto,rw    0       2
    # /usr was on /dev/sda6 during installation
    UUID=94682ca1-a410-4703-9433-53ae9fe824c9 /usr            ext4    relatime,nodev,rw,nouser,auto 0       2
    # /usr/local was on /dev/sda7 during installation
    UUID=5f056aab-5cce-4df6-906b-5cae6d95e80b /usr/local      ext4    relatime,nodev,rw,nouser,auto 0       2
    # /var was on /dev/sda8 during installation
    UUID=c9bfd6be-3bfa-4035-95e2-3c89b782797d /var            ext4    nodev,nouser,auto,rw,noexec           0       2
    # swap was on /dev/sda10 during installation
    UUID=8cc2d91b-bad8-4909-9218-1999b388a16b none            swap    sw              0       0
    
    # MyBook
    UUID=03a0a07a-0f3a-4ada-98a6-d0051308a610 /media/MyBook    ext4    auto,rw,noexec,sync,relatime,dev,user,nosuid  0       2
    # Windows
    UUID=EC8C8B618C8B2564 /media/Windows                      ntfs    auto,rw,noexec,sync,relatime,dev,user,nosuid  0       2
    Last edited by Keessince1988; 11-29-2010 at 07:19 AM.

  2. #2
    Just Joined!
    Join Date
    Aug 2010
    Location
    Amsterdam, The Netherlands
    Posts
    33
    A slight improvement after some error reports.

    Code:
    # / was on /dev/sda5 during installation
    UUID=95d6beab-48c9-4a5f-9da5-a776296c8442 /               ext4    errors=remount-ro 0       1
    # /boot was on /dev/sda3 during installation
    UUID=0c5fb7a2-b3f2-4029-aee4-5f310fad043c /boot           ext2    rw,relatime,nodev,nouser,nosuid,async,auto    0       2
    # /home was on /dev/sda11 during installation
    UUID=804b4fd1-469c-44bb-bba2-b72c21940c38 /home           ext4    rw,relatime,nodev,nouser,async,auto 0       2
    # /tmp was on /dev/sda9 during installation
    UUID=3d4248e0-9e9b-4c1e-b983-09c508a51599 /tmp            ext2    rw,relatime,nodev,nouser,nosuid,async,auto   0       2
    # /usr was on /dev/sda6 during installation
    UUID=94682ca1-a410-4703-9433-53ae9fe824c9 /usr            ext4    rw,relatime,nodev,nouser,async,auto 0       2
    # /usr/local was on /dev/sda7 during installation
    UUID=5f056aab-5cce-4df6-906b-5cae6d95e80b /usr/local      ext4    rw,relatime,nodev,nouser,async,auto 0       2
    # /var was on /dev/sda8 during installation
    UUID=c9bfd6be-3bfa-4035-95e2-3c89b782797d /var            ext4    rw,relatime,nodev,nouser,nosuid,async,auto          0       2
    # swap was on /dev/sda10 during installation
    UUID=8cc2d91b-bad8-4909-9218-1999b388a16b none            swap    sw              0       0
    # MyBook 
    UUID=03a0a07a-0f3a-4ada-98a6-d0051308a610 /media/MyBook   ext4    rw,noexec,relatime,dev,nouser,nosuid,async,auto     0      2
    # Windows
    UUID=EC8C8B618C8B2564 /media/Windows                      ntfs    rw,noexec,relatime,dev,nouser,nosuid,async,auto     0      2

  3. #3
    Linux User Manko10's Avatar
    Join Date
    Sep 2010
    Posts
    250
    It's completely up to you how you manage your fstab. Only note that you should give user mount rights only to disks where it is necessary.
    I personally prefer not to use UUIDs. Either I use the raw device file name (which might lead to some inconsistencies if the plug order of the disks changes) or to use labels. That's much clearer than UUIDs and you can distinguish your disks much easier.

  4. #4
    Just Joined!
    Join Date
    Aug 2010
    Location
    Amsterdam, The Netherlands
    Posts
    33
    Quote Originally Posted by Manko10 View Post
    It's completely up to you how you manage your fstab. Only note that you should give user mount rights only to disks where it is necessary.
    I personally prefer not to use UUIDs. Either I use the raw device file name (which might lead to some inconsistencies if the plug order of the disks changes) or to use labels. That's much clearer than UUIDs and you can distinguish your disks much easier.
    With my MyBook it's different, one day it's in /dev/sdf1 the other days it's sdg1, sdh1 or sdb1... The UUID works everytime

  5. #5
    Linux User Manko10's Avatar
    Join Date
    Sep 2010
    Posts
    250
    That's what I meant with inconsistencies. But for this I'd prefer labels over UUIDs since they're human readable, UUIDs are not.

  6. #6
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,533
    I prefer labels as well over uuid's. It allows you to replace you hard drives and file systems, or make a bit-image backup that will work with a different drive. Use of UUID's will make that difficult since the UUID changes with the hardware.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  7. #7
    Linux User Manko10's Avatar
    Join Date
    Sep 2010
    Posts
    250
    You can set the UUIDs for your partitions manually with tune2fs -U <uuid> but they still have to consist of hypen-separated hex digits, not a convenient and easy to read name.

  8. #8
    Just Joined!
    Join Date
    Aug 2010
    Location
    Amsterdam, The Netherlands
    Posts
    33
    Quote Originally Posted by Manko10 View Post
    You can set the UUIDs for your partitions manually with tune2fs -U <uuid> but they still have to consist of hypen-separated hex digits, not a convenient and easy to read name.
    Does nobody else have some tips or tricks?

  9. #9
    Linux User Manko10's Avatar
    Join Date
    Sep 2010
    Posts
    250
    Which tips do you expect?
    As I wrote: I'd rather use labels but of course it's your descision. My second tip was to give only those partitions user mount rights which need them.
    Refining Linux Advent calendar: 24 Outstanding ZSH Gems

  10. #10
    Just Joined!
    Join Date
    Aug 2010
    Location
    Amsterdam, The Netherlands
    Posts
    33
    Quote Originally Posted by Manko10 View Post
    Which tips do you expect?
    As I wrote: I'd rather use labels but of course it's your descision. My second tip was to give only those partitions user mount rights which need them.
    Well mounting my MyBook is only possible with the UUID's, the dev's don't work as I said
    Mouting them with fstab is a must because there is a bug in Debian Testing KDE, mounting must be done manually. I also run crontabs to backup my data to my MyBook so I need it to mount at bootup.

    I was more like expecting comments on how to secure /tmp for example, to use noexec was something I read, but with updates it's not very practicable. Things like that, permissions on the separate partitions, with different roles on Linux. Not too much and not too few restrictions.

Page 1 of 3 1 2 3 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •