Question: I am trying to understand the NOEXEC flag when mounting.
I am having an execution issue within the /tmp directory on someone else's machine that I cannot access atm where the /tmp directory is mounted onto a different drive than ‘/’ and NOEXEC is present. I wanted to try and recreate this scenario on my machine, but I do not have a second hard drive. I tried doing the following command:
mount --bind /test1 /test2
I then removed the bind flag and added NOEXEC in /etc/fstab. Then, I created a file in /test2 called test.sh where it just echoes ‘hello world’. I tried to run it and it said ‘permission denied’. I then ran chmod 777 test.sh and was able to execute the file just fine. I thought that the NOEXEC flag should not allow me to execute anything?
Is mount --bind /test1 /test2 not the same as mounting from a completely different physical drive? As in /test1 and /test2 are on different drives?
Answer: The ‘NOEXEC’ option in the mount command does not allow the execution of executable binaries in the mounted file system [1]. However, when a script (a text file that begins with she-bang line; i.e., a line that begins with #!) is given to some shells (bash), it will run the executable named on that line (e.g., /usr/bin/perl) and pass the path of the shell script as the first argument. The actual interpreter might not be on that mountpoint.
__________
[1] The mount command typically mounts a file system. (Arguably, loop-back or bind mounts may be considered an exception to this generality.) In some cases (e.g., /tmp), this file system will contain only one directory.
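Added example (not part of the original question or answer): before testing execution behaviour on a bind mount, it helps to confirm which mount entry actually covers the file and whether that entry carries noexec. The function names and the sample mount table below are constructed for illustration; by default the functions read /proc/self/mounts.

```sh
#!/bin/sh
# Constructed sample in /proc/self/mounts format: device, mount point, type, options.
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda1 /test2 ext4 rw,nosuid,nodev,noexec,relatime 0 0
EOF
}

# mount_opts_for PATH [TABLE]
# Prints "<mount point> <options>" for the mount entry that covers PATH.
# The longest matching mount point wins; on a tie the later entry wins,
# because a later mount shadows an earlier one on the same directory.
# TABLE defaults to /proc/self/mounts; "-" reads the table from stdin.
# Limitation: mount points containing spaces (written as \040) are not decoded.
mount_opts_for() {
    target=$1
    table=${2:-/proc/self/mounts}
    awk -v t="$target" '
        {
            mp = $2
            # Match "/" for everything, otherwise require an exact match or a
            # prefix that ends on a path separator (so /test2x is not /test2).
            if (mp == "/" || t == mp || index(t, mp "/") == 1) {
                if (length(mp) >= best_len) {
                    best_len = length(mp); best = mp; opts = $4
                }
            }
        }
        END { if (best != "") print best, opts }
    ' "$table"
}

# is_noexec PATH [TABLE]: exit status 0 if the covering mount has noexec.
is_noexec() {
    mount_opts_for "$1" "$2" | awk '
        { n = split($2, o, ","); for (i = 1; i <= n; i++) if (o[i] == "noexec") found = 1 }
        END { exit !found }
    '
}

# Demo on the constructed table: /test2 carries noexec, /test1 falls back to "/".
for p in /test2/test.sh /test1/test.sh /tmp/x; do
    if sample_mounts | is_noexec "$p" -; then state=noexec; else state=exec-allowed; fi
    echo "$p -> $(sample_mounts | mount_opts_for "$p" -) [$state]"
done
```

If a path that is expected to be noexec reports exec-allowed against the live table, the option was never applied to that mount, and any execution test on it says nothing about noexec.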