Ubuntu – Secure shared memory


In my Ubuntu deployment script I have written a function to secure shared memory. For a web server it's important to secure the shared memory to tighten up security. Below you can find the code:

echo "tmpfs       /dev/shm     tmpfs   tdefaults,noexec,nosuid        0 0" >> /etc/fstab

When I reboot the web server it gets stuck. I can't see where it goes wrong. Do you have an idea, please let me know.

Best Answer

Unless theres's a typo in your question, I think you're options are off. First, don't specify 'defaults' (or tdefaults, as you have it.. Here's the output of my shm directory taken from cat /proc/mounts:

none /run/shm tmpfs rw,nosuid,nodev,relatime 0 0

Note that on my ubuntu (12.10) it is mounted in /run and not /dev, although I doubt that matters. Try changing your string to

echo "tmpfs /dev/shm tmpfs rw,nosuid,nodev,relatime 0 0" >> /etc/fstab

and see what happens.

Related Question