SUMMARY: Mounting nfs filesystem with noexec option

Ross Bennett (ross@orion.gcs.com.au)
Wed, 08 Apr 1998 14:05:47 +1000

Sorry if this is a repost. I *thought* I'd sent it a few days ago,
but I haven't seen it yet.....

Sun managers,

I asked if it was possible to mount an nfs filesystem such that no files
would be executable (like the "noexec" option in Linux). Original request
is attached below.

The replies (listed below) indicated that there is no such option in
Solaris, and that changing the permissions on all files to read-write
only (not executable) was the best solution.

Thanks to:
Casper Dik <casper@holland.Sun.COM>
"Robert G. Ferrell" <rferrell@usgs.gov>
bismark@alta.Jpl.Nasa.Gov (Bismark Espinoza)
Chris Marble <cmarble@orion.ac.hmc.edu>

For their fast replies.
Ross

Original request:

> We have a customer who is running an Ultra170 with Solaris 2.5.1,
> who wants to mount an nfs filesystem such that no files on this
> filesystem can be executed. I believe that there is a mount option
> such as "noexec" in Linux and FreeBSD, but I can't find anything
> similar in Solaris. Does such a thing exist? Is there another way
> of doing this?
>
> The reason for this is that the customer has a public filesystem,
> and they do not want people uploading and executing binaries on
> their system.

Replies:

>From Casper Dik:

> There is no such option.
>
> If people can copy stuff there and run it; they are probably capable
> of copying the stuff to /tmp and running it there also.

>From Robert G. Ferrell:

> mount -r
>
> will mount it read-only. If you want read and write but no execute, just
> run a shell script after mounting that does
>
> chmod -R 666 /mountpoint
>
> (or whatever level of no execute you want).

>From Bismark Espinoza:

> Just make the contents read-only without the exec bit.

>From Chris Marble:

> Mounting the filesystem read-only isn't good enough?

-------------------------------------------------------------------------

GG CC SS *- GRAPHICS COMPUTER SYSTEMS 97 Highbury Rd,
G G C C S S *- *- COMPUTER TECHNOLOGY DESIGN BURWOOD, 3125
G C S *- AUSTRALIA
G GG C S *- Ross Bennett Ph +613-9888-8522
G G C C S S DESIGN ENGINEER Fax +613-9888-8511
GG CC SS ross@gcs.com.au

-------------------------------------------------------------------------