[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: noexec mount-option with selinux?



When you want to change the quotas or set them, run:
# setquota username block-soft block-hard inode-soft inode-hard -a

But I'm looking for a clean way to do it without workarounds with selinux!

The system includes a webserver and when someone uses the fileupload of PHP, then the uploaded file will be stored in /tmp. So a quota of just 1 MB on /tmp for every user is not enough.

If the quota limits need to be as strict as your first message indicates, then I'm surprised you haven't already had /tmp/ on a separate filesystem, with separate quotas set. Additionally, I always split off /tmp/ so *if* it fills, it doesn't "damage" my root filesystem.

Actually, /home is not part of the root-partition and /tmp could be a symlink to /home/tmp so both can use the some quota definitions. But how can I setup a system-wide policy that disallows to execute files from /tmp or /home/tmp?

Regards
Marten


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]