Mount Policy
The mount policy can be defined by mount options that can help you prevent unexpected usage of files. These options are listed in the table:
| Option | Description |
|---|---|
| noexec | Forbid direct execution of any binaries on the mounted file system. |
| nodev | Do not interpret character or block special devices on the file system. |
| nosuid | Forbid the set-user-identifier or set-group-identifier bits to have effect. |
| nouser | Forbid an ordinary (non-root) user to mount the file system. |
You can add these mount options to corresponding partitions in /etc/fstab. For example, the noexec option can be applied to the /tmp partition, while all of the above options can be applied to removable media mounts (CDROMs, DVDROMs, floppy drives, USB memory cards, etc.).
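One way to check that /etc/fstab actually carries this policy is sketched below as an added example (not part of the original text). The sample fstab is constructed, and the device names, the /media/cdrom and /media/usb mount points, and the POLICY string format are assumptions.

```shell
#!/bin/sh
# Constructed sample fstab; devices and /media/* mount points are assumptions.
SAMPLE_FSTAB='# <device> <mount point> <type> <options> <dump> <pass>
/dev/sda1  /             ext4     defaults                              0 1
/dev/sda2  /tmp          ext4     defaults,nodev,nosuid                 0 2
/dev/sr0   /media/cdrom  iso9660  ro,noauto,noexec,nodev,nosuid,nouser  0 0
/dev/sdb1  /media/usb    vfat     noauto,noexec,nosuid                  0 0
'

# Policy from the text: noexec on /tmp, all four options on removable media.
# Format (hypothetical): mountpoint=opt,opt;mountpoint=opt,...
POLICY='/tmp=noexec;/media/cdrom=noexec,nodev,nosuid,nouser;/media/usb=noexec,nodev,nosuid,nouser'

# audit_fstab: read fstab text on stdin, print one line per policy violation:
#   "<mount point> missing <opt,opt>"  or  "<mount point> not-in-fstab"
# nouser is already the mount default; the audit still asks for it
# explicitly so that the policy is visible in the file.
audit_fstab() {
    awk -v policy="$POLICY" '
    BEGIN {
        n = split(policy, rows, ";")
        for (i = 1; i <= n; i++)
            if (split(rows[i], f, "=") == 2) { want[f[1]] = f[2]; order[++m] = f[1] }
    }
    /^[ \t]*#/ || NF < 4 { next }        # skip comments, blank and short lines
    ($2 in want) { have[$2] = $4 }       # remember options of policed mounts
    END {
        for (i = 1; i <= m; i++) {
            mp = order[i]
            if (!(mp in have)) { print mp " not-in-fstab"; continue }
            k = split(want[mp], req, ",")
            split(have[mp], opts, ",")
            missing = ""; sep = ""
            for (j = 1; j <= k; j++) {
                found = 0
                for (o in opts) if (opts[o] == req[j]) found = 1
                if (!found) { missing = missing sep req[j]; sep = "," }
            }
            if (missing != "") print mp " missing " missing
        }
    }'
}

printf '%s' "$SAMPLE_FSTAB" | audit_fstab
```

To audit a real system, feed the function the live file with `audit_fstab < /etc/fstab` after adjusting POLICY to the mount points in use.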