View previous topic :: View next topic |
Author |
Message |
Anardil Tux's lil' helper
Joined: 27 Jun 2004 Posts: 90
|
Posted: Sat Feb 18, 2006 1:16 pm Post subject: Grant exec permission on dedicated users home |
|
|
Hi everybody,
I need to mount my users home-dir with the exec-option to run programs out of my homes-dir.
I have got the homes-directories on a seperate partition on my disc, so I can simply add the exec-option in my fstab when
mounting this directory.
The problem is, that this grants exec-permission to all users on the machine, which is not very great due to security issues.
I only want to grant these permission for lets say the users in the development-group or to dedicated users only and not to all users!
Can ne1 help me here? |
|
Back to top |
|
|
yther Apprentice
Joined: 25 Oct 2002 Posts: 151 Location: Charlotte, NC (USA)
|
Posted: Sun Feb 19, 2006 6:46 pm Post subject: |
|
|
I'm certain this is not the best solution, but it is a simple one. Make two partitions. Mount one as /home/dev and allow exec on that one. Mount the other as /home/user or whatever, with noexec. There's no law saying you only get to have one /home drive! (Note that you'll still need to have an empty /home/ to contain the other two. You could also use /devhome and /userhome or whatever makes sense to you.)
Of course, what that really means is, "programs located on this drive cannot be run", not "users with their home directory on this drive cannot run programs"—if a regular user manages to put an executable somewhere that is allowed, it will run. Tighter security measures than I actually understand are needed if you want to get tough. |
|
Back to top |
|
|
Anardil Tux's lil' helper
Joined: 27 Jun 2004 Posts: 90
|
Posted: Sun Feb 19, 2006 9:35 pm Post subject: |
|
|
hey thx for reply this was also my first thought but I don't like this solution either. |
|
Back to top |
|
|
|