A common way to harden a system is to mount the /tmp filesystem so that files on it cannot be executed. This prevents users from executing scripts in /tmp, which is generally writable by everyone.
You can enforce this restriction with the noexec mount option.
Here is an example:
[[email protected] playground]# mount | grep play
/dev/mapper/vgfirst-lv_test1 on /var/tmp/playground type ext3 (rw)
[[email protected] playground]# ./helloworld.sh
Hello World
[[email protected] playground]# mount -o remount,noexec /dev/mapper/vgfirst-lv_test1 /var/tmp/playground
[[email protected] playground]# mount | grep play
/dev/mapper/vgfirst-lv_test1 on /var/tmp/playground type ext3 (rw,noexec)
[[email protected] playground]# ./helloworld.sh
-bash: ./helloworld.sh: Permission denied
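To check the option across several world-writable locations rather than grepping by eye, the following added example (not part of the original post) parses a mount table in /proc/mounts layout and reports which mount points lack noexec. The function names and the sample table are assumptions made for illustration; only the playground entry mirrors the output above.

```shell
#!/bin/sh
# Added example (not from the original post): audit mount points for noexec.
# The table uses the /proc/mounts layout: device mountpoint fstype options dump pass.

# Constructed sample table; only the playground line mirrors the post's output.
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/mapper/vgfirst-lv_test1 /var/tmp/playground ext3 rw 0 0'

# mount_has_option TABLE MOUNTPOINT OPTION
# Exit 0: option set; 1: mounted without it; 2: MOUNTPOINT is not in the table.
mount_has_option() {
    printf '%s\n' "$1" | awk -v mp="$2" -v opt="$3" '
        $2 == mp { found = 1; opts = $4 }   # the last matching entry wins
        END {
            if (!found) exit 2
            n = split(opts, o, ",")         # compare whole options, not substrings
            for (i = 1; i <= n; i++) if (o[i] == opt) exit 0
            exit 1
        }'
}

# audit_noexec TABLE MOUNTPOINT...
# Prints one line per mount point; returns 1 if any of them lacks noexec.
audit_noexec() {
    table=$1; shift
    rc=0
    for mp in "$@"; do
        status=0
        mount_has_option "$table" "$mp" noexec || status=$?
        case $status in
            0) echo "OK    $mp is mounted noexec" ;;
            1) echo "WARN  $mp is mounted without noexec"; rc=1 ;;
            *) echo "WARN  $mp is not a separate mount, so it inherits its parent's options"; rc=1 ;;
        esac
    done
    return $rc
}

# Demo on the constructed table. On a live system pass "$(cat /proc/mounts)".
audit_noexec "$SAMPLE_MOUNTS" /tmp /var/tmp/playground /dev/shm ||
    echo "At least one location needs attention"
```

A remount with -o noexec lasts only until the next reboot or remount, so the option also needs to be listed for that filesystem in /etc/fstab to persist.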
Recently Benjamin published his first book, Red Hat Enterprise Linux Troubleshooting Guide. In addition to writing, he has several Open Source projects focused on making Ops easier. These projects include Automatron, a project enabling auto-healing infrastructure for the masses.