[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Postfix Problems



On Tue, 2006-05-23 at 13:11 +0100, Paul Howarth wrote:
> If you have /tmp on a separate partition, I'd seriously consider 
> mounting it noexec,nodev. If it's not a separate partition, I'd 
> seriously consider making one for it on an Internet-exposed web
> server. 
> Same goes for /var.

I haven't struck any problems with doing that to /tmp/, but if you have
a chrooted BIND and a nodev mounted /var/ you strike problems with it
not being able to use its chrooted /dev/random, at least.  And a noexec
mounted /var/ requires you to have your webserver cgi-bin programs
stored in another location (e.g. /srv/www/cgi-bin/).  Not sure how
that'd impinge on PHP, etc.

I can't think of any other gotchas to prepare for at the moment.

-- 
(Currently running FC4, occasionally trying FC5.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]