9.3. Mount Policy

The mount policy is defined through mount options that restrict how files on a mounted file system can be used, which helps prevent unexpected usage of those files. The options are listed in the following table:

Option    Description
noexec    Do not allow direct execution of any binaries on the mounted file system.
nodev     Do not interpret character or block special devices on the file system.
nosuid    Do not allow set-user-identifier or set-group-identifier bits to take effect.
nouser    Do not allow an ordinary (i.e., non-root) user to mount the file system.

You can add these mount options to corresponding partitions in /etc/fstab. For example, the noexec option can be applied to the /tmp partition, while all of the above options can be applied to removable media mounts (CDROMs, DVDROMs, floppy drives, USB memory cards, etc.).
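
The following script is an added example, not part of the original guide: it checks an fstab file for the policy described above (noexec on /tmp, all four options on removable media) and reports which required options are not in effect. The helper names missing_opts and sample_fstab and the sample fstab entries are constructed for illustration.

```shell
#!/bin/sh
# missing_opts FSTAB MOUNTPOINT OPTION...   (hypothetical helper)
# Prints the required "no*" options not in effect for MOUNTPOINT's first
# fstab entry, or "absent" if there is no entry. Options are read left to
# right, so a later "exec" cancels an earlier "noexec". Options implied by
# other keywords (e.g. "user") are not modelled.
missing_opts() {
    fstab=$1; mnt=$2; shift 2
    awk -v mnt="$mnt" -v want="$*" '
        $1 ~ /^#/ || NF < 4 { next }          # comments, blank/short lines
        $2 == mnt {
            found = 1
            n = split($4, have, ",")
            m = split(want, req, " ")
            out = ""
            for (i = 1; i <= m; i++) {
                neg = 0; pos = 0              # last position of noX and X
                for (j = 1; j <= n; j++) {
                    if (have[j] == req[i]) neg = j
                    if (have[j] == substr(req[i], 3)) pos = j
                }
                if (neg <= pos) out = out (out == "" ? "" : " ") req[i]
            }
            print out
            exit
        }
        END { if (!found) print "absent" }
    ' "$fstab"
}

# Constructed sample fstab; devices and mount points are illustrative.
sample_fstab() {
    cat <<'EOF'
# device    mount         type     options                              dump pass
/dev/sda1   /             ext4     defaults                             0 1
/dev/sda3   /tmp          ext4     defaults,noexec                      0 2
/dev/sdb1   /media/usb    vfat     noauto,noexec,nodev,nosuid,nouser    0 0
/dev/sr0    /media/cdrom  iso9660  ro,noauto,nodev,nosuid,noexec,exec   0 0
EOF
}

f=$(mktemp)
sample_fstab > "$f"
echo "/tmp missing: [$(missing_opts "$f" /tmp noexec)]"
for m in /media/usb /media/cdrom; do
    echo "$m missing: [$(missing_opts "$f" "$m" noexec nodev nosuid nouser)]"
done
rm -f "$f"
```

To audit a live system, pass /etc/fstab as the first argument; options applied at mount time can differ from fstab, so compare the result with the active mount table as well.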