Hosting Your Own Web Server: Things to Consider
Published: Nov 28, 2006

If you are renting a server then chances are you only have one big partition. Learn how to create a secure /tmp partition even while your server is already up and running on Cpanel/WHM.

Securing Your /tmp Partition with Cpanel/WHM

If you are renting a server then chances are everything is lumped into /, with a small amount partitioned off for /boot and some for swap. With this setup, you have no room for making more partitions unless you have a second hard drive. Learn how to create a secure /tmp partition even while your server is already up and running.
Recently, I found out it would be worthwhile to give /tmp its own partition and mount it using noexec. This would protect your system from MANY local and remote exploits in which rootkits are run from your /tmp folder.

What we are doing is creating a file that we will mount at /tmp. So log in over SSH and su to root so we may begin!

cd /dev

Create a 100MB file for our /tmp partition. If you need more space, make the count larger.

dd if=/dev/zero of=tmpMnt bs=1024 count=100000

Make an extended filesystem for our tmpMnt file

/sbin/mke2fs /dev/tmpMnt

Back up your /tmp dir, keeping file ownership and permissions (-p). I had a mysql.sock file that I needed to recreate the symbolic link for. Other programs may use /tmp to store cache files or whatever.

cd /

cp -Rp /tmp /tmp_backup

Mount the new /tmp filesystem with noexec

mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp

chmod 1777 /tmp

Copy everything back to new /tmp and remove backup

cp -Rp /tmp_backup/* /tmp/

rm -rf /tmp_backup

Now we need to add this to fstab so it mounts automatically on reboots.

pico -w /etc/fstab

You should see something like this:
/dev/hda3               /                       ext3    defaults,usrquota        1 1
/dev/hda1               /boot                   ext3    defaults        1 2
none                    /dev/pts                devpts  gid=5,mode=620  0 0
none                    /proc                   proc    defaults        0 0
none                    /dev/shm                tmpfs   defaults        0 0
/dev/hda2               swap                    swap    defaults        0 0

At the bottom add
/dev/tmpMnt             /tmp                    ext2    loop,noexec,nosuid,rw  0 0

(Each space is a tab)
Save it!
Ctrl + X and Y

You're done. /tmp is now mounted as noexec. You can sleep a little bit safer tonight. I created a hello world C++ program, compiled it, then moved it to /tmp. Upon trying to run it (even after chmod +x), it gives the following error:

bash: ./a.out: Permission denied

Yay! /tmp no longer has execute permissions :-D
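
The article confirms the result by trying to run a binary from /tmp; the same thing can be checked from the mount table. The following is an added example, not part of the original article: a hypothetical `missing_opts` helper reads fstab-format input (the sample is constructed from the article's fstab plus the new line) and reports which required options a mount point lacks. It goes slightly beyond the article by also checking /dev/shm, which appears in that fstab with only defaults.

```bash
#!/bin/bash
# Added example (not from the article). missing_opts and sample_fstab are
# hypothetical names; the sample data is constructed from the article's fstab.

# missing_opts FILE MOUNTPOINT REQUIRED_CSV
# FILE is in fstab or /proc/mounts format ("-" reads stdin).
# Prints the required options that are absent, or "no-entry" if the mount
# point is not listed. Returns 0 only when every required option is present.
missing_opts() {
    awk -v mp="$2" -v req="$3" '
        $1 ~ /^#/ || NF < 4 { next }        # skip comments and short lines
        $2 == mp { opts = $4; found = 1 }   # a later entry overrides an earlier one
        END {
            if (!found) { print "no-entry"; exit 1 }
            n = split(req, r, ","); split(opts, o, ",")
            for (i in o) have[o[i]] = 1
            for (i = 1; i <= n; i++)
                if (!(r[i] in have)) miss = miss (miss ? " " : "") r[i]
            if (miss) { print miss; exit 1 }
        }' "$1"
}

# Constructed sample: the fstab shown above with the /tmp line appended.
sample_fstab() {
    cat <<'EOF'
/dev/hda3    /         ext3   defaults,usrquota      1 1
/dev/hda1    /boot     ext3   defaults               1 2
none         /dev/shm  tmpfs  defaults               0 0
/dev/tmpMnt  /tmp      ext2   loop,noexec,nosuid,rw  0 0
EOF
}

# Report each mount point against the options used in the article.
for mp in /tmp /dev/shm; do
    if out=$(sample_fstab | missing_opts - "$mp" noexec,nosuid); then
        echo "$mp: ok"
    else
        echo "$mp: missing $out"
    fi
done
```

/proc/mounts uses the same first four fields, so `missing_opts /proc/mounts /tmp noexec,nosuid` checks the live mount rather than the configuration file.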


Comments (5)

  • frantz 14:14, August 17, 2007
    I know this report is a bit dated, but it was still helpful. I've been considering hosting my own server for a while and just came across this article. Just wanted to say thank you and it helped a lot.
  • julz 23:23, November 4, 2009
    This article is very useful. I'm currently planning to build my own web server, but I have some doubts and questions in mind that I would also like to ask here.

    Can I use my local high-speed home internet for the server, or do I have to go for a business internet plan for this? I'm worried about the ISP TOS, but almost all the threads I've read about home web hosting use their local high-speed internet. Can you share your ideas about this?
  • Dedicated Server India 09:07, July 9, 2010
    Dedicated Server India
  • norhuda 09:50, September 22, 2010
    very good article
  • norhuda 09:51, September 22, 2010
    very good article
