mount: Disabling execution of scripts

One common way of securing your system is to make the /tmp filesystem unable to run executables. This prevents users from executing scripts in /tmp, which is generally writable by everyone.

You can enforce this with the noexec mount option, which makes the kernel refuse to directly execute files on that filesystem.

Here is an example:

[[email protected] playground]# mount | grep play  
/dev/mapper/vgfirst-lv_test1 on /var/tmp/playground type ext3 (rw)  
[[email protected] playground]# ./helloworld.sh   
Hello World  
[[email protected] playground]# mount -o remount,noexec /dev/mapper/vgfirst-lv_test1 /var/tmp/playground  
[[email protected] playground]# mount | grep play  
/dev/mapper/vgfirst-lv_test1 on /var/tmp/playground type ext3 (rw,noexec)  
[[email protected] playground]# ./helloworld.sh   
-bash: ./helloworld.sh: Permission denied  
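To confirm that the option is actually in effect on the mount points you care about, here is an added example (not code from the original post) that parses a mounts table in /proc/mounts format. The function names and the sample table are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit mount points for the noexec option.
# Input on stdin is a mounts table in /proc/mounts format:
#   device mountpoint fstype options dump pass

# check_noexec MOUNTPOINT...
# Prints "<mountpoint> ok|missing|not-mounted" for each argument and
# returns 0 only if every one of them is mounted with noexec.
check_noexec() {
    awk -v want="$*" '
        BEGIN { n = split(want, mps, " ") }
        { opts[$2] = $4 }    # a later entry shadows an earlier one
        END {
            rc = 0
            for (i = 1; i <= n; i++) {
                mp = mps[i]
                if (!(mp in opts)) {
                    state = "not-mounted"; rc = 1   # inherits parent fs options
                } else if (("," opts[mp] ",") ~ /,noexec,/) {
                    state = "ok"
                } else {
                    state = "missing"; rc = 1
                }
                print mp, state
            }
            exit rc
        }'
}

# Constructed sample table modelled on the session above (not real output).
sample_mounts() {
    cat <<'EOF'
/dev/mapper/vgfirst-lv_root / ext3 rw 0 0
/dev/mapper/vgfirst-lv_test1 /var/tmp/playground ext3 rw,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
EOF
}

# Demo on the constructed table. On a live system use:
#   check_noexec /tmp /var/tmp /dev/shm < /proc/mounts
sample_mounts | check_noexec /var/tmp/playground /dev/shm /tmp || true
```

A remount like the one above lasts only until the next reboot, so the option also has to be added to the filesystem's /etc/fstab entry. noexec blocks direct execution only: a script handed to an interpreter that lives on another filesystem (for example `bash helloworld.sh`) is still read and run, so treat it as one hardening layer rather than a complete control.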

About Benjamin

Benjamin is an Infrastructure and Software Engineer. On this blog he writes about Linux, Docker, Programming as well as other Systems topics.
