1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

mount: no permission to look at /dev/loop<N>

Discussion in 'Plesk 11.x for Linux' started by pmw.wong, Aug 20, 2012.

  1. pmw.wong

    pmw.wong New Pleskian

    10
     
    Joined:
    Aug 20, 2012
    Messages:
    3
    Likes Received:
    0
    Hi all,

    I followed the steps described in the following link to secure the /tmp in my server. Unfortunately, the error message "mount: no permission to look at /dev/loop<N>" was displayed after typing the command: mount /tmp.

    I tried to look for a solution from the Internet. Somebody said this securing /tmp method does not work in Virtual Dedicated Server, which I am using. Is it true? Are there any alternative solutions?


    Restricting Script Execution in the /tmp Directory:
    http://download1.parallels.com/Ples...nistration-guide/index.htm?fileName=66758.htm
     
  2. abdi

    abdi Platinum Pleskian

    31
    18%
    Joined:
    May 14, 2006
    Messages:
    2,913
    Likes Received:
    60
    Hardening TMP Folder

    Am not sure about the VPS though would love to check it out for you. However, below are my instructions I have used to secure / harden TMP folders for Years :)

    TMP Directory Hardening

    Secure Temporary Directories
    The first step is to check if /tmp is already secure. Some datacenters do not create a /tmp partition while others do.

    Code:
    df -h |grep tmp
    If that displays nothing then go below to create a tmp partition. If you do have a tmp partition you need to see if it mounted with noexec.

    Code:
    cat /etc/fstab |grep tmp
    If there is a line that includes /tmp and noexec then it is already mounted as non-executable. If not follow the instructions below to create one without having to physically format your disk. Idealy you would make a real partition when the disk was originally formated, that being said I have not had any trouble create a /tmp partition using the following method. Create a ~16GB partition

    Code:
    cd /dev/; dd if=/dev/zero of=tmpMnt bs=1024 count=16000000
    Format the partion

    Code:
    /sbin/mke2fs /dev/tmpMnt
    When it asks about not being a block special device press Y Make a backup of the old data

    Code:
    cp -Rp /tmp /tmp_backup
    Mount the temp filesystem

    Code:
    mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
    Set the permissions

    Code:
    chmod 0777 /tmp
    Copy the old files back

    Code:
    cp -Rp /tmp_backup/* /tmp/
    Once you do that go ahead and restart mysql and make sure it works ok. We do this because mysql places the mysql.sock in /tmp which neeeds to be moved. If not it migth have trouble starting. If it does you can add this line to the bottom of the /etc/fstab to automatically have it mounted:

    Code:
    vi /etc/fstab
    Now add this single line at the bottom:

    Code:
    /dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0
    While we are at it we are going to secure /dev/shm. Look for the mount line for /dev/shm and change it to the following: none /dev/shm tmpfs noexec,nosuid 0 0
    Umount and remount /dev/shm for the changes to take effect.

    Code:
    umount /dev/shm
    mount /dev/shm
    
    Next delete the old /var/tmp and create a link to /tmp

    Code:
    rm -rf /var/tmp/
    ln -s /tmp/ /var/
    
    If everything still works fine you can go ahead and delete the /tmp_backup directory.

    Code:
    rm -rf /tmp_backup
    You /tmp, /var/tmp, and /dev/shm are now mounted in a way that no program can be directly run from these directories. Like I have said in other articles there are still ways in but this is one of the many layers of security you should have on your system.
     
  3. pmw.wong

    pmw.wong New Pleskian

    10
     
    Joined:
    Aug 20, 2012
    Messages:
    3
    Likes Received:
    0
    Hi,

    Thanks a lot for your help.

    After I typed "mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp", the same error message "mount: no permission to look at /dev/loop<N>" was displayed.

    My Virtual server is provided by godaddy.com. Should I ask them?
     
  4. abdi

    abdi Platinum Pleskian

    31
    18%
    Joined:
    May 14, 2006
    Messages:
    2,913
    Likes Received:
    60
    You will need to ask your hosting provider to allow to use loop devices in your VPS.
     
  5. pmw.wong

    pmw.wong New Pleskian

    10
     
    Joined:
    Aug 20, 2012
    Messages:
    3
    Likes Received:
    0
    Thanks for help.

    Confirmed by the provider, this setting is not allowed in my virtual server.
     
  6. abdi

    abdi Platinum Pleskian

    31
    18%
    Joined:
    May 14, 2006
    Messages:
    2,913
    Likes Received:
    60
    Alright, do you want to consider a Dedicated server instead?
     
Loading...