Current-Users archive
Re: mount options noexec,nosuid,nodev
Here's an example from my current machine - kernel and userland built from
sources dated 2016-02-16 at 03:01:55 UTC
*** initial conditions from system boot ***
# uname -r
7.99.26
# df
Filesystem 1K-blocks Used Avail %Cap Mounted on
/dev/wd0a 50829066 9345322 38942292 19% /
/dev/wd0e 51615924 481204 48553924 0% /var
/dev/wd0f 51610146 1593252 47436388 3% /home
/dev/wd0g 245273624 66196776 166813168 28% /build
kernfs 1 1 0 100% /kern
ptyfs 1 1 0 100% /dev/pts
procfs 4 4 0 100% /proc
tmpfs 2064480 196620 1867860 9% /var/shm
# grep build /etc/fstab
/dev/wd0g /build ffs rw,log 1 2
# cd /build
# ls -l /build/TEST.sh
-rwxr-xr-x 1 root staff 30 Apr 4 06:26 TEST.sh
# cat /build/TEST.sh
#! /bin/sh
echo "This is $0"
*** The boot-time mount worked, and the various flags were set
# /build/TEST.sh
This is /build/TEST.sh
*** So, unmount, and remount on the running system
# umount /build
# mount /build
# df
Filesystem 1K-blocks Used Avail %Cap Mounted on
/dev/wd0a 50829066 9345322 38942292 19% /
/dev/wd0e 51615924 481304 48553824 0% /var
/dev/wd0f 51610146 1593254 47436386 3% /home
kernfs 1 1 0 100% /kern
ptyfs 1 1 0 100% /dev/pts
procfs 4 4 0 100% /proc
tmpfs 2064480 196620 1867860 9% /var/shm
/dev/wd0g 245273624 66196780 166813164 28% /build
*** The flags were cleared on the remount!
# /build/TEST.sh
/build/TEST.sh: Permission denied.
*** Just to make sure, unmount and then remount with explicit flags set
# umount /build
# mount -o exec,suid,dev /build
# /build/TEST.sh
This is /build/TEST.sh
#
*** Yup, it works again.
On 26 Mar 2016 11:20 pm, "Paul Goyette" <paul%whooppee.com@localhost> wrote:
I always seem to get bitten by this!
I had a power-outage yesterday, and at restart I disabled one of my
filesystems in /etc/fstab (since a fsck of this fs takes a rather long
time). After the reboot, I manually ran fsck and then mounted the
filesystem with
mount /myfs
Yes, I forgot to specify "-o exec,suid,dev" so I couldn't execute any
scripts (or other executables).
But looking through the manual pages, there doesn't seem to be any
indication on when "-o noexec,nosuid,nodev" becomes the default! (It seems
not to be the default when mount is invoked during /etc/rc.d startup
processing, but only after the system is up.)
Where is this documented? And perhaps the mount(8) man page might benefit
if these options included an appropriate cross-ref?
+------------------+--------------------------+------------------------+
| Paul Goyette | PGP Key fingerprint: | E-mail addresses: |
| (Retired) | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org |
+------------------+--------------------------+------------------------+
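A check for the situation shown in this message, where a filesystem mounted by hand ends up with different effective flags than it had after the boot-time mount. This is an added example, not part of the original post; it assumes mount(8) run without arguments prints lines of the form "device on /mountpoint type fstype (flag, flag)", and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reports which of the restrictive
# flags noexec, nosuid and nodev are in effect for a mount point.
# Assumed input format (one line per mounted filesystem):
#   /dev/wd0g on /build type ffs (noexec, nosuid, nodev, local)

# restrictive_flags MOUNTPOINT < mount-output
# Prints a space-separated subset of "noexec nosuid nodev", or "none".
# Exits 2 when MOUNTPOINT does not appear in the input.
restrictive_flags() {
    awk -v mp="$1" '
        $2 == "on" && $3 == mp {
            opts = $0
            sub(/^[^(]*\(/, "", opts)   # drop everything up to "("
            sub(/\).*$/, "", opts)      # drop ")" and anything after it
            n = split(opts, o, /, */)
            out = ""
            for (i = 1; i <= n; i++)
                if (o[i] == "noexec" || o[i] == "nosuid" || o[i] == "nodev")
                    out = out (out == "" ? "" : " ") o[i]
            found = 1
            last = out                  # the most recent mount wins
        }
        END {
            if (!found) exit 2
            print (last == "" ? "none" : last)
        }'
}

# check_mount MOUNTPOINT EXPECTED < mount-output
# Returns 0 when the effective flags equal EXPECTED, 1 on drift,
# 2 when the mount point is not mounted. Drift is described on stdout.
check_mount() {
    actual=$(restrictive_flags "$1") || { echo "$1: not mounted"; return 2; }
    [ "$actual" = "$2" ] && return 0
    echo "$1: expected '$2', effective '$actual'"
    return 1
}

# Constructed sample lines modelled on the session above (not captured output).
SAMPLE_BOOT='/dev/wd0a on / type ffs (log, local)
/dev/wd0g on /build type ffs (log, local)'
SAMPLE_REMOUNT='/dev/wd0a on / type ffs (log, local)
/dev/wd0g on /build type ffs (noexec, nosuid, nodev, log, local)'

# Usage on a live system:  mount | check_mount /build none
```

The same function works in the other direction: pass "noexec nosuid nodev" as EXPECTED for a filesystem that is supposed to stay restricted, and a non-zero status flags a mount that lost those options.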