Fidget,
We have not tried this with OpenVZ. Also Swsoft has provided /tmp security option with the Linux Virtuozzo SP1 itself now. If you want, you can secure /tmp for individual
VPS Hosting using following steps :
* Login to
VPS Hosting.
* Edit /etc/fstab
- Under the existing line (there should only be one line)
- add >> none /tmp tmpfs nodev,nosuid,noexec 0 0
- Reboot the
VPS Hosting to make the changes take effect.
- Log back in and enter "df -h" to see whether the changes have taken effect.
IMPORTANT NOTE 1: You should see a separated /tmp partition now). Note that unlike with a
dedicated server, this /tmp partition isn't a real partition. What it basically does is to create a ramdisk on the hardware node for the
VPS Hosting, of which the diskusage isn't accounted towards the quota of the rest of the
VPS Hosting. The usage is accounted against the "shmpages" of the
VPS Hosting, which can only be set from the hardware node. Usually this is set to either 32mb or 64mb. Also note that the /tmp ramdisk isn't the only thing that consumes the shmpages, there are also several other things that use up the space.
NOTE 2: because it's a ramdisk, all data on the /tmp 'partition' will be lost after a reboot. That's not a problem because all data on the /tmp partition' is temporary data anyway. However, when you install eaccelerator for instance, it needs its own directory on the /tmp partition (it needs /tmp/eaccelerator and needs to be chmod to 777). So after a reboot, that directory would be lost and eaccelerator wouldn't function properly. So if you install eaccelerator (or anything else that requires something like this), then make sure that after a reboot the required directory and chmod are automatically created. You could do this with /etc/rc.local for instance (at the end of that file just add "mkdir /tmp/eaccelerator" "chmod 777 /tmp/eaccelerator").
How do I mount /tmp on VPSes with noexec,nosuid options?
.
.
I hope this will make your task a bit easier in securing the 
Linear Mode
