Hello, On Fri, 19 May 2006 10:41:04 -0500 "Mikkel L. Ellertson" <mikkel@xxxxxxxxxxxxxxxx> wrote: > Jacob (=Jouk) Jansen wrote: > > Karsten wrote on 19-MAY-2006 16:20:35.24 > >> On Fri, May 19, 2006 at 04:00:07PM +0200, Jacob (=Jouk) Jansen wrote: > >> Hi all, > >> > >> I have a FC5 system with an internal disk and a external USB disk > >> withanext3 partition on it. If a shell script (bash,csh etc..) is > >> located on the internal drive it works fine. If I copy it to the USB > >> disk I get problems: (why????) > > [snip] > >> Check the output of 'mount' for that device. I'm pretty sure that it has > >> been mounted with the 'noexec' flag. > > You are right. > > How to change this? This USB disk is mounted automatically when pluged > > in. I cannot edit fstab since than the machine fails to boot when the > > disk is not present. > > > > Jouk > > > You can add a local HAL rule to override the default behavior when > mounting USB drives. For security reasons, you may want to make the > rule specific to that USB drive. You will want to replace the noexec > option with the nosuid option so that someone can not plug in a USB > drive with a suid root binary that they can use to hack the system. > (Easy way to crack a system - suid root an editor, and modify > /etc/passwd so you can log in as root.) If I've well-understood some recent (and less recent) posts here, HAL is no longer able to change the mount options - what a pain! I could confirm it, it fails at passing exec or any other mount option, lines like the following fail: (excerpts from /usr/share/hal/fdi/policy/95userpolicy/mydevice.fdi [..] <merge key="volume.policy.mount_option.noexec" type="bool">false</merge> <merge key="volume.policy.mount_option.exec" type="bool">true</merge> [..] There's a desktop alternative, adding a "remount-exec" script to ~/.gnome2/nautilus-scripts/, which lets me decide when I remount the device w/ exec capability or not (of course not for vfat ones): #!/bin/sh for FILE_PATH in $NAUTILUS_SCRIPT_SELECTED_FILE_PATHS do test -n "$FILE_PATH" && \ sudo mount -o remount,exec "$FILE_PATH" >> "$LOG" 2>&1 shift done You'll need to add a line like the one below to /etc/sudoers: yourusername ALL=NOPASSWD:/bin/mount,/bin/umount,/sbin/mount.cifs,/sbin/umount.cifs My 2 cts. Regards, -- wwp
Attachment:
signature.asc
Description: PGP signature