9.3. Mount Policy

The mount policy can be defined by mount options that can help you prevent unexpected usage of files. These options are listed in the table:

| Option | Description |
|--------|-------------|
| noexec | Forbid direct execution of any binaries on the mounted file system. |
| nodev  | Do not interpret character or block special devices on the file system. |
| nosuid | Forbid the set-user-identifier or set-group-identifier bits to have effect. |
| nouser | Forbid an ordinary (non-root) user to mount the file system. |

You can add these mount options to the entries for the corresponding partitions in /etc/fstab. For example, the noexec option can be applied to the /tmp partition, while all of the above options can be applied to removable media mounts (CD-ROMs, DVD-ROMs, floppy drives, USB memory cards, etc.).
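The following audit is an added example, not part of the original guide: it checks fstab entries against the policy above by computing the effective flags, since per mount(8) `defaults` and `user` imply other options and later options override earlier ones. The sample fstab, devices and mount points are constructed assumptions.

```python
"""Audit fstab entries against the mount policy (added example)."""

# Constructed sample; devices and mount points are illustrative assumptions.
SAMPLE_FSTAB = """\
# <device>  <mount point>  <type>   <options>                   <dump> <pass>
/dev/sda2   /              ext4     defaults                    0 1
/dev/sda3   /tmp           ext4     defaults,nosuid,nodev       0 2
/dev/sr0    /media/cdrom   iso9660  ro,noauto,user,exec         0 0
/dev/sdb1   /media/usb     vfat     noauto,noexec,nodev,nosuid  0 0
"""

# Policy from this section: noexec on /tmp, all four options on removable media.
ALL_FOUR = {"noexec", "nodev", "nosuid", "nouser"}
POLICY = {"/tmp": {"noexec"}, "/media/cdrom": ALL_FOUR, "/media/usb": ALL_FOUR}

# Options that imply others, per mount(8). The "user" flag here models
# "a non-root user may mount", so users, owner and group are folded into it.
IMPLIES = {
    "defaults": ["exec", "dev", "suid", "nouser"],
    "user": ["user", "noexec", "nosuid", "nodev"],
    "users": ["user", "noexec", "nosuid", "nodev"],
    "owner": ["user", "nosuid", "nodev"],
    "group": ["user", "nosuid", "nodev"],
}

def effective(options):
    """Apply options left to right; return the resulting exec/dev/suid/user flags."""
    state = {"exec": True, "dev": True, "suid": True, "user": False}
    for opt in options.split(","):
        for o in IMPLIES.get(opt, [opt]):
            name = o[2:] if o.startswith("no") else o
            if name in state:
                state[name] = not o.startswith("no")
    return state

def audit(fstab_text, policy=POLICY):
    """Return {mount point: [policy options not in effect]} for policy violations."""
    findings = {}
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        mount_point, state = fields[1], effective(fields[3])
        missing = sorted(r for r in policy.get(mount_point, ()) if state[r[2:]])
        if missing:
            findings[mount_point] = missing
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_FSTAB))
```

In the sample, the CD-ROM entry fails on both noexec and nouser: `user` implies noexec, but the trailing `exec` re-enables execution.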