trimstray / the-practical-linux-hardening-guide

This guide details creating a secure Linux production system. OpenSCAP (C2S/CIS, STIG).
MIT License

/dev/shm lockdown #1

Closed FlorianHeigl closed 5 years ago

FlorianHeigl commented 5 years ago
trimstray commented 5 years ago

Dear @FlorianHeigl!

It's really cool! I have questions.

What is the difference between:

tmpfs  /dev/shm  tmpfs  rw,nodev,nosuid,noexec,size=1024M,mode=1777 0 0

and

  > You can also create a group named 'shm' and put application users for SHM-using applications in there. Then the access can be completely restricted as such:

tmpfs  /dev/shm  tmpfs  rw,nodev,nosuid,noexec,mode=1770,size=1024M 0 0

Hmm... it's the same. For more consistency, let's change it to:

tmpfs  /dev/shm  tmpfs  rw,nodev,nosuid,noexec,size=1024M,mode=1777 0 0

And please tell me what you mean: put application users for SHM-using applications in there - in /dev/shm. Can you give an example?

Thanks!!!

FlorianHeigl commented 5 years ago

Sorry, I must have been too tired... Replying here first:

It should have been like this:

Either:

tmpfs  /dev/shm  tmpfs  rw,nodev,nosuid,noexec,size=1024M,mode=1777 0 0

Or (with group)

tmpfs  /dev/shm  tmpfs  rw,nodev,nosuid,noexec,size=1024M,mode=1770,uid=root,gid=shm 0 0

Combined with an /etc/group entry for a group named shm. That group contains the users (i.e., say, mysql) that the applications use and that should be able to write there. They can write since it's group-writable, and since it's sticky, they can only touch their own stuff.

If you understand it like this, I'll try to rewrite it correctly later.
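The two fstab variants above (world-writable sticky 1777, or group-writable sticky 1770 with gid=shm) can be audited mechanically. The following POSIX sh script is an added example, not code from the guide or from either commenter: it parses an fstab-style line, requires tmpfs on /dev/shm with nodev, nosuid and noexec, a size= limit, and a mode of 1777 or 1770 (the latter only with a gid= set). The sample lines it checks are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide or the issue): audit an fstab-style
# /dev/shm entry against the options discussed in this thread.

# Constructed sample entries (for illustration only).
STRICT_LINE='tmpfs  /dev/shm  tmpfs  rw,nodev,nosuid,noexec,size=1024M,mode=1770,uid=root,gid=shm 0 0'
OPEN_LINE='tmpfs  /dev/shm  tmpfs  rw,nodev,nosuid,noexec,size=1024M,mode=1777 0 0'
WEAK_LINE='tmpfs  /dev/shm  tmpfs  defaults 0 0'

# has_opt OPTS NAME -> 0 if NAME appears in the comma-separated OPTS list
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
    esac
    return 1
}

# get_opt OPTS KEY -> prints the value of KEY=value, or nothing if absent
get_opt() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# check_shm_line LINE -> 0 if LINE is an acceptable /dev/shm entry,
# 1 otherwise. Each failed requirement is reported on stderr.
check_shm_line() {
    line=$1
    set -- $line          # split into fs, mount point, type, options, dump, pass
    fs=$1; mnt=$2; type=$3; opts=$4
    rc=0

    [ "$mnt" = "/dev/shm" ] || { echo "mount point is '$mnt', expected /dev/shm" >&2; rc=1; }
    [ "$type" = "tmpfs" ]   || { echo "fs type is '$type', expected tmpfs" >&2; rc=1; }

    # No device nodes, no setuid binaries, no direct execution from shm.
    for o in nodev nosuid noexec; do
        has_opt "$opts" "$o" || { echo "missing $o" >&2; rc=1; }
    done

    # Sticky bit in either variant; the group-restricted one needs a group.
    mode=$(get_opt "$opts" mode)
    case "$mode" in
        1777) ;;
        1770)
            [ -n "$(get_opt "$opts" gid)" ] || { echo "mode=1770 requires gid=<group>" >&2; rc=1; }
            ;;
        *) echo "mode='$mode' is neither 1777 nor 1770" >&2; rc=1 ;;
    esac

    # An unbounded tmpfs lets a single user fill memory.
    [ -n "$(get_opt "$opts" size)" ] || { echo "no size= limit set" >&2; rc=1; }

    return $rc
}

# Demo over the constructed samples.
for l in "$STRICT_LINE" "$OPEN_LINE" "$WEAK_LINE"; do
    if check_shm_line "$l" 2>/dev/null; then
        echo "OK:   $l"
    else
        echo "WEAK: $l"
    fi
done
```

To audit a real host, feed the function the /dev/shm line from /etc/fstab (`grep ' /dev/shm ' /etc/fstab`); the mount options visible in /proc/mounts follow the same field layout, so the same parser applies there.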

trimstray commented 5 years ago

Dear @FlorianHeigl,

It's ok, no problem for me :+1: Good job! Very good.