Good Idea / Bad Idea - /dev/shm with nosuid, nodev, and noexec

Jacob Albretsen jakea at
Fri Jul 27 17:05:31 MDT 2012


I am hardening some CentOS 5 and 6 boxes, and one of the recommendations I'm 
reading is to mount /dev/shm with nosuid, nodev, and noexec.  I've read about 
what /dev/shm is, but I lack a deeper understanding.  I've seen some things 
online talking about it, but nothing concrete as to why it's a good idea other 
than "it's more secure".  Can anyone enlighten me more about this? I don't 
want to run into any unintended issues down the road (will XYZ services still 
work, can I still run VMs, etc. etc.).

Something I've noted: while CentOS 5 and 6 don't have these mount options for 
/dev/shm by default, Fedora 16 does mount /dev/shm with nosuid,nodev.


- Jake
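
One way to see which of the three options a box is missing before changing anything, as an added example that is not part of the original post. The function names and the sample mount lines are constructed for illustration; it assumes /dev/shm is its own tmpfs mount and reads input in /proc/mounts format.

```shell
#!/bin/sh
# Added example: audit the mount options of /dev/shm.
# Input format is /proc/mounts: device mountpoint fstype options dump pass.

# Print the option string of the last (top-most) entry for a mount point.
# $1 = mount point, $2 = mounts file, or "-" for standard input.
mount_opts() {
    awk -v mp="$1" '$2 == mp { o = $4 } END { if (o != "") print o }' "$2"
}

# Print the hardening options /dev/shm lacks, space separated.
# Prints "unmounted" when the input has no /dev/shm entry.
# $1 = mounts file (default /proc/mounts), or "-" for standard input.
shm_missing_opts() {
    opts=$(mount_opts /dev/shm "${1:-/proc/mounts}")
    if [ -z "$opts" ]; then
        echo "unmounted"
        return 0
    fi
    missing=""
    for want in nosuid nodev noexec; do
        # Wrap in commas so only a whole option name matches.
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    echo "$missing"
}

# Constructed sample lines (not captured from real hosts).
SAMPLE_DEFAULT='tmpfs /dev/shm tmpfs rw 0 0'
SAMPLE_PARTIAL='tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0'
SAMPLE_HARDENED='tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec,relatime 0 0'

for s in "$SAMPLE_DEFAULT" "$SAMPLE_PARTIAL" "$SAMPLE_HARDENED"; do
    echo "sample [$s] missing: $(printf '%s\n' "$s" | shm_missing_opts -)"
done

# Report on the running system when /proc/mounts is available.
if [ -r /proc/mounts ]; then
    echo "this host missing: $(shm_missing_opts)"
fi

# To apply at runtime (as root): mount -o remount,nosuid,nodev,noexec /dev/shm
# To persist, add the same options to the /dev/shm line in /etc/fstab.
```

An empty result means all three options are already set.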

