13

I'm working with a complex /etc/fstab on a RHEL 6.x-based server. The system has a variety of mount options in use across eight partitions, including several bind mounts. I'm testing options and their effect on the image I'm working on.

e.g. options like nodev,nosuid,noexec,nobarrier and several XFS filesystem parameters are in place.

While I know it's possible to remount with specific options, is there a quick way to revert all mounts to the persistent settings hardcoded in /etc/fstab?

For instance sysctl -p loads the /etc/sysctl.conf values and applies them. Is there a mount equivalent?

Edit:

An example config:

#
# /etc/fstab
#
UUID=e6ca80cd    /                       ext4    noatime,nobarrier        1 1
UUID=a327d315    /boot                   ext4    defaults                 1 2
UUID=333ada18    /home                   ext4    noatime,nobarrier,nodev  1 2
UUID=7835718b    /tmp                    ext4    nodev,nosuid,noexec      1 2
UUID=4dd2e9d4    /usr                    ext4    defaults                 1 2
UUID=c274f65f    /var                    ext4    noatime,nobarrier        1 2
UUID=5b5941e0    /var/log                ext4    defaults                 1 2
UUID=3645951a    /var/log/audit          ext4    defaults                 1 2
UUID=3213123c    /vol1                   xfs     noatime,logbufs=8,nobarrier 1 2
UUID=1ee1c070    swap                    swap    defaults                 0 0
# Bind mount for /tmp
/tmp             /var/tmp                none    bind                     0 0
tmpfs            /dev/shm                tmpfs   nodev,nosuid,noexec      0 0
devpts           /dev/pts                devpts  gid=5,mode=620           0 0
sysfs            /sys                    sysfs   defaults                 0 0
proc             /proc                   proc    defaults                 0 0

Of course, a developer asks for execute permissions on /tmp in order to install an application...

I'm finding that the remount option does not work on this system without specifying the device and (re)mountpoint. This is a security-hardened server, so the issues I'm seeing may be SElinux-related or a result of the bind mounts, or maybe even the presence of negated options (noexec versus exec)...

Community
  • 1
ewwhite
  • 194,921
  • 91
  • 434
  • 799
  • Is the developer trying to execute script directly from a shell or web (through httpd)? what error message do you see when you try to execute a script? – Daniel t. Feb 07 '13 at 19:14
  • Think of it as a typical third-party application installer that dumps a binary or shell executable in `/tmp`. Oracle, for instance. – ewwhite Feb 07 '13 at 19:16
  • This could be an SELINUX issue, you might try `ausearch -m AVC,USER_AVC -sv no` and go through the output for any `tmp` errors. – Daniel t. Feb 07 '13 at 20:03

5 Answers5

9

Type this into bash:

egrep -v '^#' /etc/fstab | while read dev dir type opts dump pass ; do
    echo "mount -o remount,${opts} ${dir}";
done

On my system, this produces output like this:

mount -o remount,nodev,noexec,nosuid /proc
mount -o remount,relatime,errors=remount-ro /
mount -o remount,defaults /misc

Try it on your system. If you like it output it produces, use it, or just remove the echo and the double quotation marks from the command above.

Eliah Kagan
  • 775
  • 5
  • 13
ruief
  • 253
  • 1
  • 7
4

I would just use a script to do it for the relevant file systems

for fs in /home /var /whatever
do
    mount -o remount "$fs"
done

You may need to put a -f in there too if one or more fs may be busy e.g.

mount -f -o remount "$fs"
user9517
  • 114,104
  • 20
  • 206
  • 289
3

From the mount manpage:

The remount functionality follows the standard way how the mount command works with options from fstab. It means the mount command doesn't read fstab (or mtab) only when a device and dir are fully specified.

  mount -o remount,rw /dev/foo /dir

After this call all old mount options are replaced and arbitrary stuff from fstab is ignored, except the loop= option which is internally generated and maintained by the mount command.

  mount -o remount,rw  /dir

So mount -o remount /mountpoint should restore the options in /etc/fstab:

mgorven@mamma:~% grep boot /etc/fstab
UUID=823c73dc-8f64-4f76-a120-968106ffdf5a /boot           ext4    relatime        0       2
mgorven@mamma:~% sudo mount -o remount,ro /boot
mgorven@mamma:~% mount | grep boot
/dev/sda4 on /boot type ext4 (ro,relatime)
mgorven@mamma:~% sudo mount -o remount /boot
mgorven@mamma:~% mount | grep boot
/dev/sda4 on /boot type ext4 (rw,relatime)
mgorven
  • 30,036
  • 7
  • 76
  • 121
  • This did not work in my case, but may be a result of other factors on the system. See updated fstab above. – ewwhite Feb 07 '13 at 18:53
  • @ewwhite I can't reproduce the problem using your fstab options, so there's something else going on. – mgorven Feb 07 '13 at 19:08
0

Are you changing the dynamics of the mount flags without going through the /etc/fstab and rebooting?

Can't you do the following (for example):

 mount -o remount /usr

to restore the original options from the /etc/fstab? You can check the mounted options using the mount command without arguments.

mdpc
  • 11,698
  • 28
  • 51
  • 65
0

You're going to have a hard time remounting filesystems like /usr and /var once the system's up and running. Lazy remounting, for example, will probably just return a success but never actually get an opportunity to perform the requested remount because there will be file handles kept open the entire running life of the system.

If this is a development image, as it sounds like, then I recommend just booting the system clean for each test. It's tedious, but at least then you know for sure the system is running the way it would be in production, so your test is reliable.

Jeff Albert
  • 1,967
  • 9
  • 14