mount: no permission to look at /dev/loop<N>

[pmw.wong]

Hi all,

I followed the steps described in the following link to secure the /tmp in my server. Unfortunately, the error message "mount: no permission to look at /dev/loop<N>" was displayed after typing the command: mount /tmp.

I tried to look for a solution from the Internet. Somebody said this securing /tmp method does not work in Virtual Dedicated Server, which I am using. Is it true? Are there any alternative solutions?


Restricting Script Execution in the /tmp Directory:
http://download1.parallels.com/Ples...nistration-guide/index.htm?fileName=66758.htm

 

[abdi]

Hardening TMP Folder

Am not sure about the VPS though would love to check it out for you. However, below are my instructions I have used to secure / harden TMP folders for Years

TMP Directory Hardening

Secure Temporary Directories
The first step is to check if /tmp is already secure. Some datacenters do not create a /tmp partition while others do.

df -h |grep tmp

If that displays nothing then go below to create a tmp partition. If you do have a tmp partition you need to see if it mounted with noexec.

cat /etc/fstab |grep tmp

If there is a line that includes /tmp and noexec then it is already mounted as non-executable. If not follow the instructions below to create one without having to physically format your disk. Idealy you would make a real partition when the disk was originally formated, that being said I have not had any trouble create a /tmp partition using the following method. Create a ~16GB partition

cd /dev/; dd if=/dev/zero of=tmpMnt bs=1024 count=16000000

Format the partion

/sbin/mke2fs /dev/tmpMnt

When it asks about not being a block special device press Y Make a backup of the old data

cp -Rp /tmp /tmp_backup

Mount the temp filesystem

mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp

Set the permissions

chmod 0777 /tmp

Copy the old files back

cp -Rp /tmp_backup/* /tmp/

Once you do that go ahead and restart mysql and make sure it works ok. We do this because mysql places the mysql.sock in /tmp which neeeds to be moved. If not it migth have trouble starting. If it does you can add this line to the bottom of the /etc/fstab to automatically have it mounted:

vi /etc/fstab

Now add this single line at the bottom:

/dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0

While we are at it we are going to secure /dev/shm. Look for the mount line for /dev/shm and change it to the following: none /dev/shm tmpfs noexec,nosuid 0 0
Umount and remount /dev/shm for the changes to take effect.

umount /dev/shm
mount /dev/shm

Next delete the old /var/tmp and create a link to /tmp

rm -rf /var/tmp/
ln -s /tmp/ /var/

If everything still works fine you can go ahead and delete the /tmp_backup directory.

rm -rf /tmp_backup

You /tmp, /var/tmp, and /dev/shm are now mounted in a way that no program can be directly run from these directories. Like I have said in other articles there are still ways in but this is one of the many layers of security you should have on your system.

 

[pmw.wong]

Hi,

Thanks a lot for your help.

After I typed "mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp", the same error message "mount: no permission to look at /dev/loop<N>" was displayed.

My Virtual server is provided by godaddy.com. Should I ask them?

 

[abdi]

You will need to ask your hosting provider to allow to use loop devices in your VPS.

 

[pmw.wong]

Thanks for help.

Confirmed by the provider, this setting is not allowed in my virtual server.

 

[abdi]

Alright, do you want to consider a Dedicated server instead?