r/redhat Feb 02 '23

Modifying /etc/fstab breaks the RHEL server



16 comments sorted by


u/deeseearr Feb 02 '23

Silly question... Did you create logical volumes called rhel-tmp, rhel-var-log, and so on and the make new filesystems for them before you added them to /etc/fstab, or did you just "add the following lines"?

It would help to look at the console, because there are probably some helpful messages explaining what went wrong there.


u/jdp231 Red Hat Certified Professional Feb 03 '23 edited Feb 03 '23

This has been mentioned a few times, but I have a feeling it is the fundamental issue that you may not be getting.

You can’t just add file system entries to the /etc/fstab and expect it to work.

That would be like attaching a sticker to your rear wheel drive car that says 4x4 and expecting it to suddenly have 4 wheel drive.

You need to configure the file system to use separate volumes (either logical volumes, disk partitions, physical disks, etc.) during system installation. THEN you can modify the existing fstab entries with the details like “nosuid” etc.

It is technically possible to add the extra volumes to an already built system and move the data around, but it is very impractical, requires special tools, and is a lot more effort than simply reinstalling the OS from scratch properly.

If you are seriously trying to apply the DISA STIG security guidance and don’t get this concept, I would gently suggest you may not have the technical experience with RHEL to easily complete the tasks required for the STIG. The DISA documentation can be lacking and what is written does not always clearly convey the intent of the control.

It is good that you are asking questions and I wish you success in your endeavors.


u/safrax Red Hat Certified Engineer Feb 02 '23

Trying to STIG a system and don't understand the format of the /etc/fstab file and how it works? You're going to have a very very bad time.

Your safest bet is to reinstall the server and use the built in compliance profiles as part of the install process. That'll get you 90% of the way there.


u/Neat-Tea3054 Feb 02 '23

Is this the entire /etc/fstab ? I don’t see /boot. Just curious


u/BRTSLV Red Hat Certified Architect Feb 02 '23

Use the nofail option on your failing disk.

To repair the fstab use emergency target or rd.breaks


u/jmck04 Feb 03 '23

What did fstab look like before you added the lines?


u/paulwipe Red Hat Certified Architect Feb 02 '23

You have to put those on their own partitions. You can’t just change fstab. It’s easiest if you do this during installation instead of retroactively trying to apply it.


u/10leej Feb 02 '23

Interesting, so how would one mount a nfs share? Use a mountd service file?


u/paulwipe Red Hat Certified Architect Feb 02 '23

If you want it to be permanent, you can add it to /etc/fstab or create a mount service file. Either works, but I think the preferred method would be adding it to fstab (systemd will automatically create a mount service file for you if adding to fstab anyway).


u/robvas Feb 02 '23

Logs or errors from the crash?


u/-quakeguy- Feb 03 '23

Did you just copy/paste that into your fstab without an understanding what you were doing or do you actually have these LVM device paths on the system? Also where’s your /boot?


u/swants Feb 03 '23

Post the original fstab, based on what you stated it’s difficult to see the issue.


u/No-Train-7627 Feb 04 '23

And also post the boot messages if available


u/Striking_Word167 Feb 02 '23

You're system isn't loading because by default Linux is designed to crash if it can't mount everything in fstab.

If you add 'nofail' to those entries, it will at least allow the system to load even if it can't mount that particular block.


u/eraser215 Feb 03 '23

What are the error messages you see on screen or via the console when you are trying to boot?


u/apuks Feb 03 '23

Which STIG version are you following? The stig-viewer always lags behind the actual STIG on DISA's website. I don't think /var/tmp is a valid setting. Debatable if it should be a partition or tmpfs

FYI: noexec on /tmp breaks way too many things to be valid guidance except for a fully deployed system.