
linux下逻辑卷的tmp安全设置

发布时间:2014-07-15 11:50:29作者:知识屋

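# Create the backing file /.tmpfs for the new /tmp: 1000 blocks of 1 MiB (roughly 1G)
dd if=/dev/zero of=/.tmpfs bs=1M count=1000

# The image will hold every user's temporary files. Under the common 022 umask
# dd leaves it world-readable, which would let any local user read the raw
# filesystem and so bypass the per-file permissions inside it.
chmod 600 /.tmpfs

# Build an ext3 filesystem (-j adds the journal) inside the file.
# mke2fs asks for confirmation because the target is a regular file,
# not a block device; answer "y".
mke2fs -j /.tmpfs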
 
####################
mke2fs 1.41.12 (17-May-2010)
/.tmpfs is not a block special device.
Proceed anyway? (y,n) y
Filesystem label=
OS type: 
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
64000 inodes, 256000 blocks
12800 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=264241152
8 block groups
32768 blocks per group, 32768 fragments per group
8000 inodes per group
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376
 
Writing inode tables: done                           
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done
 
This filesystem will be automatically checked every 32 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
####################
 
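# Keep a copy of the current /tmp contents; -a preserves owners, modes and timestamps
cp -av /tmp /tmp.old

# Loop-mount the image over /tmp. noexec refuses direct execution of files
# stored there and nosuid ignores set-uid/set-gid bits on them.
# NOTE(review): nodev is commonly set on /tmp together with these two; if it is
# added here, add it to the /etc/fstab entry as well.
# The files that were in /tmp stay on the root filesystem underneath the mount
# point, hidden for as long as the image is mounted.
mount -o loop,noexec,nosuid,rw /.tmpfs /tmp

# The root directory of the fresh filesystem needs the usual /tmp mode:
# world-writable with the sticky bit
chmod 1777 /tmp

# Move the saved entries back. find is used instead of "/tmp.old/*" because the
# glob skips dot-entries (for example .X11-unix), which the rm below would then
# delete for good. The backup is removed only if every move succeeded, so a
# too-small image does not cost the data.
find /tmp.old -mindepth 1 -maxdepth 1 -exec mv -f -t /tmp/ -- {} + \
  && rm -rf /tmp.old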
 
 
# Entry for /etc/fstab (a line in that file, not a command to run) so that the
# image is loop-mounted on /tmp with nosuid and noexec again after a reboot
/.tmpfs /tmp ext3 loop,nosuid,noexec,rw 0 0
 
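# Replace /var/tmp with a symlink to /tmp so it sits on the same
# noexec/nosuid mount
mv /var/tmp /var/tmp_bak
ln -s /tmp /var/tmp

# Copy the old /var/tmp entries through the new symlink.
# -a keeps owners, modes and timestamps (plain cp -R resets ownership to the
# invoking user), and find picks up the dot-entries that "/var/tmp_bak/*"
# would miss. The backup is deleted only after the copy succeeded.
find /var/tmp_bak -mindepth 1 -maxdepth 1 -exec cp -a -t /var/tmp/ -- {} + \
  && rm -rf /var/tmp_bak/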
 
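#测试
#分别到/tmp与/dev/shm目录里,创建可执行文件,并赋予777权限,然后直接执行(/dev/shm的结果需要先完成文末对/etc/fstab的修改并remount)
#注意:noexec只阻止直接执行该文件系统上的文件,由解释器读取并运行的脚本不受此限制,因此它只是一层加固,不能单独作为防护边界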
[root@localhost  /tmp]
# ls -lA /tmp/|grep x.sh
-rwxrwxrwx  1 root root     22 Jul 25 15:08 x.sh
 
[root@localhost  /tmp]
# cat /tmp/x.sh 
#!/bin/bash
echo test
 
[root@localhost  /tmp]
# /tmp/x.sh    
-bash: /tmp/x.sh: Permission denied
 
[root@localhost  /dev/shm]
# ls -lA |grep x.sh
-rwxrwxrwx 1 root root 22 Jul 25 15:08 x.sh
 
[root@localhost  /dev/shm]
# cat x.sh
#!/bin/bash
echo test
 
[root@localhost  /dev/shm]
# /dev/shm/x.sh
-bash: /dev/shm/x.sh: Permission denied
# Entry for /etc/fstab: mount the /dev/shm shared-memory tmpfs with nosuid and
# noexec. The /dev/shm "Permission denied" result in the test above depends on
# these options being in effect.
tmpfs   /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0
# Remount /dev/shm so the change applies without a reboot. No options are given
# on the command line, so they are presumably taken from the fstab entry --
# confirm afterwards with "mount | grep shm".
mount -o remount /dev/shm/

 
