mount: Disabling execution of scripts

Written by Benjamin Cane on 2011-09-08 20:01:06

One common way to harden a system is to mount the /tmp filesystem so that files on it cannot be executed. This prevents users from executing scripts in /tmp, which is generally writable by everyone.

You can restrict this with the mount option noexec.

Here is an example:

[[email protected] playground]# mount | grep play  
/dev/mapper/vgfirst-lv_test1 on /var/tmp/playground type ext3 (rw)  
[[email protected] playground]# ./helloworld.sh   
Hello World  
[[email protected] playground]# mount -o remount,noexec /dev/mapper/vgfirst-lv_test1 /var/tmp/playground  
[[email protected] playground]# mount | grep play  
/dev/mapper/vgfirst-lv_test1 on /var/tmp/playground type ext3 (rw,noexec)  
[[email protected] playground]# ./helloworld.sh   
-bash: ./helloworld.sh: Permission denied  
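
To audit this rather than test it by hand, the following added example (not from the original post) reports whether the filesystem that actually holds a directory is mounted noexec, which matters when /tmp or /var/tmp is not a separate mount. The function name check_noexec, the variable SAMPLE_MOUNTS and every sample line except the playground volume are constructed for illustration; with no table argument the function reads /proc/mounts.

```shell
#!/bin/sh
# Added example: is the filesystem holding DIR mounted with noexec?
# A mount table has the /proc/mounts layout: device mountpoint fstype options dump pass

# Constructed sample table; only the playground line mirrors the article's session.
SAMPLE_MOUNTS='/dev/mapper/vgfirst-lv_root / ext3 rw 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/mapper/vgfirst-lv_tmp /tmp ext3 rw,nosuid,nodev,noexec 0 0
/dev/mapper/vgfirst-lv_test1 /var/tmp/playground ext3 rw,noexec 0 0'

# check_noexec DIR [TABLE]
# Prints "DIR MOUNTPOINT exec|noexec" for the mount that covers DIR.
check_noexec() {
    dir=$1
    table=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$table" | awk -v dir="$dir" '
        {
            mp = $2
            # A mount covers dir if it is dir itself, the root, or a parent of dir.
            covers = (mp == dir || mp == "/" || index(dir, mp "/") == 1)
            # The longest covering mount point wins; ">=" lets a later mount
            # stacked on the same mount point override an earlier one.
            if (covers && length(mp) >= length(best)) { best = mp; opts = $4 }
        }
        END {
            if (best == "") { print dir, "-", "unknown"; exit 2 }
            # Wrap the option list in commas so "noexec" only matches a whole option.
            state = (("," opts ",") ~ /,noexec,/) ? "noexec" : "exec"
            print dir, best, state
        }'
}

# Report on the usual world-writable locations, using the sample table.
for d in /tmp /var/tmp /dev/shm /var/tmp/playground; do
    check_noexec "$d" "$SAMPLE_MOUNTS"
done
```

In the sample, /var/tmp is reported as exec because it sits on the root filesystem even though a volume mounted below it is noexec. A remount like the one shown above lasts only until the next reboot; adding noexec to the options field for that filesystem in /etc/fstab makes it permanent.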


Benjamin is a Systems Architect working in the financial services industry focused on platforms that require Continuous Availability. He has been working with Linux and Unix for over 10 years now and has recently published his first book; Red Hat Enterprise Linux Troubleshooting Guide.
