Making /tmp non-executable

Increase security by mounting /tmp as non-executable.

Many high-security environments require that the /tmp directory be mounted with the noexec flag set, which prevents executables from running from /tmp. However, when /tmp is non-executable, the Cassandra database fails to start because JNA cannot start when it does not have a file system location to keep temporary files.

If the /tmp directory is not available, the Cassandra system.log might have an error. To view the error:
tail -3 /var/log/cassandra/system.log
The error is similar to:
ERROR main 2015-12-18 09:57:00,879 CassandraDaemon.java:213 - JNA failing to initialize properly. Use -Dcassandra.boot_without_jna=true to bootstrap even so.
INFO Thread-2 2015-12-18 09:57:00,880 DseDaemon.java:418 - DSE shutting down...
INFO Thread-2 2015-12-18 09:57:00,881 PluginManager.java:103 - All plugins are stopped.

Procedure

To make /tmp non-executable and provide access:

  1. Verify that DataStax Enterprise is running:
    service dse status
    Result:
    dse is running
  2. Verify how the /tmp directory is mounted.
    mount | grep /tmp
    Result:
    tmpfs on /tmp type tmpfs (rw,nosuid,nodev,relatime,size=3668992k)
  3. Stop DataStax Enterprise.
    service dse stop
  4. Verify that DataStax Enterprise is not running.
    service dse status
    Result:
    dse is not running
  5. Remount /tmp as non-executable.
    mount -o remount,noexec /tmp
  6. Verify that the /tmp directory is mounted as non-executable.
    mount | grep /tmp
    Result:
    tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noexec,relatime,size=3668992k)
  7. In the cassandra-env.sh file, add this line, setting jna.tmpdir to a temporary directory that you have execute access to:
    JVM_OPTS="$JVM_OPTS -Djna.tmpdir=/tmp/directory/you/have/exec/access/to"
  8. Restart DataStax Enterprise.
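
A preflight check for steps 6 and 7, as an added example that is not part of the DataStax procedure: it parses `mount` output to report whether a path, such as /tmp or a candidate jna.tmpdir directory, sits on a noexec mount. The sample mount table and the /var/lib/dse-jna path are constructed for illustration; the sample also shows that a directory below a noexec /tmp is itself noexec unless it is a separate mount.

```sh
#!/bin/sh
# Constructed sample in `mount` output format (not captured from a real host).
# /var/lib/dse-jna is a hypothetical candidate directory for -Djna.tmpdir.
SAMPLE_MOUNTS='/dev/sda1 on / type ext4 (rw,relatime)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noexec,relatime,size=3668992k)
/dev/sdb1 on /var/lib type ext4 (rw,nodev,relatime)'

# Print the mount options of the filesystem that holds path $1.
# $2 is text in `mount` output format; the longest matching mount point wins.
# Assumes mount points contain no spaces.
mount_opts_for() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $2 == "on" && $4 == "type" {
            mp = $3
            # Match the mount point itself, a path below it, or the root.
            if (p == mp || mp == "/" || index(p, mp "/") == 1)
                if (length(mp) > best) { best = length(mp); opts = $6 }
        }
        END { gsub(/[()]/, "", opts); print opts }'
}

# Exit status 0 if the filesystem holding path $1 is mounted noexec.
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify a candidate jna.tmpdir by its mount: prints "noexec" or "exec".
check_jna_tmpdir() {
    if is_noexec "$1" "$2"; then echo noexec; else echo exec; fi
}

# Demo on the constructed sample; on a live host pass "$(mount)" instead.
for dir in /tmp /tmp/jna /var/lib/dse-jna; do
    echo "$dir: $(check_jna_tmpdir "$dir" "$SAMPLE_MOUNTS")"
done
```

The check covers mount options only; the account that runs DataStax Enterprise still needs write and execute permission on the chosen directory.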