On Mon, 2007-06-04 at 08:06 -0500, Les Mikesell wrote: > > > > I'm sorry.... Are you saying that mounting /home as noexec is a good thing > > since folks that are compiling/testing programs won't be allowed to get > > their work done? > > > > Sorry a bit confused here.... Sure, it is only Monday. > > There are always tradeoffs between usability and security. This one is > pretty extreme, even for people who just write a few convenience scripts > so they don't have to repeated type long command lines to unix tools for > things they do more than once. It may appear extreme from the perspective of anyone who plans to be compiling code or writing scripts, but is still a valid and effective security measure for production, internet facing servers, or for desktops used by people who will only be using GUI-based apps. Cheers, Ben
