Security & Restriction Mount Options

Question 1

What do Linux security mount options do?

Answer 1

Enhance security by restricting filesystem behavior

Question 2

Name common security mount options.

Answer 2

nodev, nosuid, noexec

Question 3

What does nodev do?

Answer 3

Prevents special device files on a filesystem from being treated as actual devices

Question 4

Why use nodev?

Answer 4

Prevents unauthorized access to hardware or system functions

Question 5

Syntax for nodev?

Answer 5

mount -o nodev <device> <mountpoint></mountpoint></device>

Question 6

Example of nodev?

Answer 6

sudo mount -o nodev /dev/sdb1 /mnt/safe

Question 7

What does nosuid do?

Answer 7

Prevents execution of files with SUID or SGID bits

Question 8

Why use nosuid?

Answer 8

Blocks files from gaining elevated privileges when run

Question 9

Syntax for nosuid?

Answer 9

mount -o nosuid <device> <mountpoint></mountpoint></device>

Question 10

Example of nosuid?

Answer 10

sudo mount -o nosuid /dev/sdb1 /mnt/no-suid

Question 11

What does noexec do?

Answer 11

Prevents execution of any binaries or scripts located on the filesystem

Question 12

Why use noexec?

Answer 12

Protects against unauthorized or malicious code execution

Question 13

Syntax for noexec?

Answer 13

mount -o noexec <device> <mountpoint></mountpoint></device>

Question 14

Example of noexec?

Answer 14

sudo mount -o noexec /dev/sdb1 /mnt/lockdown