mount -o nosuid

I am using NFS server version 4.x on a CentOS/RHEL based system. I’m mounting my shared /var/www/ directory on five Apache based nodes using the following syntax:

mount -t nfs4 -o rw,intr,hard,proto=tcp rocknas02:/httproot/www /var/www/

I noticed that due to bug in my app user can sometime upload executable or other device files to get out of chrooted Apache server. How can I prevent such security issues on a CentOS or RHEL based NFS client and sever setup?

{ 0 comments }

How do I mount /tmp with nodev, nosuid, and noexec options to increase the security of my Linux based web server? How can I add nodev, nosuid, and noexec options to /dev/shm under Linux operating systems?

{ 7 comments }

How do I mount /tmp as a separate filesystem (/root/images/tmpfile.bin) with the noexec,nosuid, nodev options under Linux like operating systems?

{ 5 comments }