On Sat, Sep 22, 2018 at 02:51:43AM +0100, Stuart Henderson wrote:
>
> /, /usr, and /usr/X11R6 definitely contain programs that need setuid, and
> /usr/local is likely to in many cases. Other partitions generally don't,
> so you can mount them with "nosuid".
>
> While on the subject of mount options, most things can be "nodev"
> (exceptions being / and maybe mounts holding chroot jails, for example
> the mount containing /var/www).
>
> I used to like "noexec" for /tmp, but then I spent too long chasing ports
> regression test failures due to having this restriction, so I got rid of
> it ..
>
Thanks for some of this guidance. I know there is a great deal of information on these options in the man page for mount but this is helpful.

Ken
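
An added example, not part of the thread: a POSIX sh/awk check that applies the nosuid/nodev guidance quoted above to fstab(5) text, including finding which mount holds /var/www. The names audit_fstab, SUID_OK and CHROOT_PATHS, the device names and the sample fstab are constructed for illustration.

```shell
# audit_fstab: read fstab(5) text on stdin, print one line per missing option.
# SUID_OK / CHROOT_PATHS encode the guidance quoted above (assumed defaults).
SUID_OK="/ /usr /usr/X11R6 /usr/local"
CHROOT_PATHS="/var/www"

audit_fstab() {
    awk -v suid_ok="$SUID_OK" -v chroots="$CHROOT_PATHS" '
    function has(opts, o,   i, n, a) {
        n = split(opts, a, ",")
        for (i = 1; i <= n; i++) if (a[i] == o) return 1
        return 0
    }
    # True when path p lives on mount point m (m is p or a parent directory).
    function under(p, m) {
        if (m == "/") return 1
        return p == m || index(p, m "/") == 1
    }
    $1 ~ /^#/ || NF < 4 || $3 == "swap" { next }   # comments, short lines, swap
    { mp[++n] = $2; op[n] = $4 }
    END {
        ns = split(suid_ok, s, " ")
        for (i = 1; i <= ns; i++) keep_suid[s[i]] = 1
        # The mount holding each chroot is the longest mount point above it.
        nc = split(chroots, c, " ")
        for (j = 1; j <= nc; j++) {
            best = ""
            for (i = 1; i <= n; i++)
                if (under(c[j], mp[i]) && length(mp[i]) > length(best)) best = mp[i]
            if (best != "") keep_dev[best] = 1
        }
        keep_dev["/"] = 1
        for (i = 1; i <= n; i++) {
            if (!(mp[i] in keep_suid) && !has(op[i], "nosuid")) print mp[i] ": add nosuid"
            if (!(mp[i] in keep_dev) && !has(op[i], "nodev")) print mp[i] ": add nodev"
        }
    }'
}

SAMPLE_FSTAB='# constructed sample fstab, not from the thread
sd0a / ffs rw 1 1
sd0b none swap sw
sd0d /tmp ffs rw,nodev,nosuid 1 2
sd0e /var ffs rw,nosuid 1 2
sd0f /usr ffs rw,nodev 1 2
sd0g /usr/local ffs rw 1 2
sd0h /home ffs rw 1 2'
printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab
```

Here /var is not flagged for nodev because it is the mount containing /var/www; noexec is deliberately not checked, matching the /tmp experience described in the quoted message.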