System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

mount file system in different mode

 
hahmedma
Advisor

mount file system in different mode

dear suppoort,

 

  i had face a problem on the sytem...i need to change some file systems type as follo:

i need to chage the /opt to be read only and need to change the (var,home.tmp.stand) to be on nosuid mode...

 

all this on the plan of security... can i get your support on this issue and also does there were any impact on the system if i had change this file system to its new mounted.

 

thanks

5 REPLIES

Re: mount file system in different mode

What HP-UX version are you using?

 

>I need to change the /opt to be read only

 

/opt is designed to be read only, except when installing new software, so no problems:

mount -o remount,ro device-file /opt

 

>need to change the (var, home, tmp, stand) to be on nosuid mode.

 

It would be a waste of time to do this for non-NFS filesystems like /var/, /tmp/ and /stand/.  So only /home would make sense.  You may be able to use a similar mount command to change it without unmounting.

Ken Grabowski
Respected Contributor

Re: mount file system in different mode

A word of caution on a read only /opt file system. While it is the intention of /opt to be read only, not every 3rd party software provider uses it correctly.  I have found major vendors both reading and writing files in the /opt file system.  Using the find and –mtime commands, check for recently updated files. If you have vital software that does write to the file system, that should constitute remediation for any security exceptions for leaving the file system read write.

hahmedma
Advisor

Re: mount file system in different mode

what about the /etc/fstab...does i need to change it contain for the file system which is need to be read only.
and also what is the right syntix for the read only file system in /etc/fstab...it could be as (ro,auto,user,exec).

Thanks.

Re: mount file system in different mode

>do I need to change it for the file system which needs to be read only.

 

Right.  Just add "ro," to the beginning of the options list field.

chris huys_4
Honored Contributor

Re: mount file system in different mode

Wouldnt do that. Changing modes from a default mode set by the OS, to a non-default mode, will only create problems and solving none. If something bad happened to the contents of /opt; f.e. a badly written script removing some files it shouldnt have removed, the solution is to adapt the script, not to make /opt readonly.

 

The OS is counting on /opt to be in readwrite mode, so changing to a non-default mode, is just asking for problems.