Current Method to Mount /tmp in 22.04 and Newer with noexec

Utkonos

12/7/23, 11:38 PM

I've read various other questions and answers and all of the guidance for mounting or changing the mount options for /tmp involve /etc/fstab or /etc/systemd/system/local-fs.target.wants/tmp.mount. However, I have looked on Ubuntu 22.04 and fstab has no entry for /tmp and the other file does not exist. I looked in /etc/systemd/system for any files that look like they would be similar to no avail.

What configuration on 22.04 controls the mounting of /tmp and how would I add noexec to the options?

670

1 + 0

fstab

mount

tmp

systemd

Score:0

Ubuntu

Andrew Lowther

12/8/23, 12:04 AM

Create a systemd mount file.

cat <<EOF > /etc/systemd/system/tmp.mount
[Unit]
Description=Temporary Directory /tmp
Documentation=https://systemd.io/TEMPORARY_DIRECTORIES
Documentation=man:file-hierarchy(7)
Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
ConditionPathIsSymbolicLink=!/tmp
DefaultDependencies=no
Conflicts=umount.target
Before=local-fs.target umount.target
After=swap.target

[Mount]
What=tmpfs
Where=/tmp
Type=tmpfs
Options=mode=1777,strictatime,nosuid,nodev,size=50%%,nr_inodes=1m,noexec

[Install]
WantedBy=local-fs.target
EOF

Enable the mount

systemctl enable tmp.mount

There is a sample mount file located at /usr/share/systemd/tmp.mount. I am simply copying it and adding noexec to the mount options.

+ 3

muru

12/8/23, 3:07 AM

I don't think you need to create a whole unit. You could probably get away with just using an override file `/etc/systemd/system/tmp.mount.d/override.conf` and just have the `[Mount]` section with the `Options` line.

Andrew Lowther

12/8/23, 3:49 AM

The unit must be created because the sample unit is in `/usr/share/systemd`. That is not a path that systemd uses to find units. Here is a more thorough answer https://unix.stackexchange.com/a/722500/439421

muru

12/8/23, 4:43 AM

Ah, yes, Ubuntu's not using that unit by default. In that case I'd guess the recommendation there to use `/etc/fstab` directly would still be preferred to this method.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Current Method to Mount /tmp in 22.04 and Newer with noexec

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.