Re: Postfix Problems

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Wed, 2006-05-24 at 01:38 +0930, Tim wrote:
> On Tue, 2006-05-23 at 13:11 +0100, Paul Howarth wrote:
> > If you have /tmp on a separate partition, I'd seriously consider 
> > mounting it noexec,nodev. If it's not a separate partition, I'd 
> > seriously consider making one for it on an Internet-exposed web
> > server. 
> > Same goes for /var.
> I haven't struck any problems with doing that to /tmp/, but if you have
> a chrooted BIND and a nodev mounted /var/ you strike problems with it
> not being able to use its chrooted /dev/random, at least.

True. Noexec is probably more important to have though.

> And a noexec
> mounted /var/ requires you to have your webserver cgi-bin programs
> stored in another location (e.g. /srv/www/cgi-bin/).  Not sure how
> that'd impinge on PHP, etc.

PHP apps should be installable into /usr/share really, but don't usually
need exec permission and so shouldn't be affected by noexec. CGIs need
to go elsewhere as you say though.

> I can't think of any other gotchas to prepare for at the moment.

There were some apps (logrotate springs to mind) that used to run
temporary scripts in /tmp during FC3 time but these seem to be fixed
now. My own server's been running OK like this for a long time.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux