9.3. Mount Policy

The mount policy is defined by mount options, which help you prevent unexpected usage of files. These options are listed in the table:

Option   Description
noexec   Forbid direct execution of any binaries on the mounted file system.
nodev    Do not interpret character or block special devices on the file system.
nosuid   Forbid the set-user-identifier or set-group-identifier bits to have effect.
nouser   Forbid an ordinary (non-root) user to mount the file system.

You can add these mount options to corresponding partitions in /etc/fstab. For example, the noexec option can be applied to the /tmp partition, while all of the above options can be applied to removable media mounts (CDROMs, DVDROMs, floppy drives, USB memory cards, etc.).
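
One way to check a system against this policy is to audit the options written in the fourth field of /etc/fstab. This is an added example, not part of the original documentation: it flags /tmp without noexec and removable-media mount points lacking any of the four options. The function names, the sample entries, and the treatment of everything under /media as removable media are assumptions of the example.

```shell
#!/bin/sh
# Added example: report required mount options missing from an fstab-format file.
# Only options written in the fourth field are checked; defaults are not resolved.

# missing_opts FILE MOUNTPOINT REQUIRED_CSV -> prints absent options, space-separated
missing_opts() {
    awk -v mp="$2" -v req="$3" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        $2 == mp {
            n = split($4, have, ",")
            m = split(req, want, ",")
            out = ""
            for (i = 1; i <= m; i++) {
                found = 0
                for (j = 1; j <= n; j++) if (have[j] == want[i]) found = 1
                if (!found) out = out (out == "" ? "" : " ") want[i]
            }
            print out
            exit
        }' "$1"
}

# Constructed sample input (device names and mount points are assumptions).
sample_fstab() {
    cat <<'EOF'
# <device>  <mountpoint>  <type>   <options>                             <dump> <pass>
/dev/sda2   /             ext4     defaults                              0 1
/dev/sda3   /tmp          ext4     defaults,nodev,nosuid                 0 2
/dev/sr0    /media/cdrom  iso9660  ro,noauto,noexec,nodev,nosuid,nouser  0 0
/dev/sdb1   /media/usb    vfat     noauto,nodev,nouser                   0 0
EOF
}

# audit FILE -> one line per mount point that violates the policy from the text:
# noexec on /tmp, all four options on removable media (here: anything under /media).
audit() {
    awk '!/^[ \t]*(#|$)/ { print $2 }' "$1" | while read -r mp; do
        case "$mp" in
            /tmp)     req="noexec" ;;
            /media/*) req="noexec,nodev,nosuid,nouser" ;;
            *)        continue ;;
        esac
        miss=$(missing_opts "$1" "$mp" "$req")
        if [ -n "$miss" ]; then echo "$mp: missing $miss"; fi
    done
}
```

After sourcing the file, `audit /etc/fstab` prints one line per non-compliant entry; for the constructed sample it reports /tmp (no noexec) and /media/usb (no noexec or nosuid).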