
Is there a way to forbid the execute bit on files?

This topic is closed.

    Is there a way to forbid the execute bit on files?

    I am pretty familiar with Linux and Unix.
    I know how to set the properties of files with chmod and all.
    I'm thinking maybe there is a way to create a user that cannot add his own executables.
    Maybe a way to mount a filesystem where it doesn't allow the execute bit on files but does on directories, maybe a umask or something? Hmm, I might have answered my own question, but this may be useful to others.

    #2
    Re: Is there a way to forbid the execute bit on files?

    Well, one option could be to have a user's home directory on a filesystem that is mounted with the noexec option (but of course users have write access to /tmp and partly in /var as well, so it's not as simple as that).

    Also, even if the user can't execute their files, it's possible to run scripts with 'sh /path/to/script', for example.

    Maybe you could tell us why you're looking into this, perhaps someone can suggest an alternate approach.



      #3
      Re: Is there a way to forbid the execute bit on files?

      I may be out of my depth here, but it's interesting. Could you not exclude a special group from /tmp?



        #4
        Re: Is there a way to forbid the execute bit on files?

        I could mount tmp the same way :-)

        The idea is to allow users to use only executables deemed safe and uncompromised.

        Scripts, as long as they use the safe executables, should be fine.

        Thanks kubicle :-D

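An added example, not part of the original thread: a small shell audit that checks whether the user-writable locations mentioned in the replies (home directories, /tmp, /var) sit on filesystems mounted with noexec. The function name `audit_noexec` and the sample mount table are constructed for illustration; the table uses the column layout of /proc/mounts.

```shell
#!/bin/sh
# Constructed sample mount table (not from a real host), /proc/mounts layout:
# device  mountpoint  fstype  options  dump  pass
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda3 /var ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0'

# audit_noexec MOUNT_TABLE PATH...
# Prints "PATH MOUNTPOINT noexec|exec" for each path and returns 1 if any
# path is on a filesystem that still allows execution.
# Assumption: paths contain no spaces (they are passed to awk as one string).
audit_noexec() {
    table=$1; shift
    printf '%s\n' "$table" | awk -v paths="$*" '
        # Record the option string per mount point; a later entry for the
        # same mount point overrides an earlier one.
        NF >= 4 { opts[$2] = $4 }
        END {
            n = split(paths, p, " ")
            bad = 0
            for (i = 1; i <= n; i++) {
                best = ""
                for (m in opts) {
                    # A mount covers the path if it is the path itself or a
                    # parent directory; the longest such mount point wins.
                    pre = (m == "/") ? "/" : m "/"
                    if ((p[i] == m || index(p[i] "/", pre) == 1) && length(m) > length(best))
                        best = m
                }
                state = ((("," opts[best] ",") ~ /,noexec,/) ? "noexec" : "exec")
                if (state == "exec") bad = 1
                print p[i], best, state
            }
            exit bad
        }'
}

# On a live system:
#   audit_noexec "$(cat /proc/mounts)" /home /tmp /var/tmp /dev/shm
```

A clean result only means binaries cannot be executed directly from those paths; as reply #2 points out, `sh /path/to/script` still runs a script stored on a noexec filesystem.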
