[SOLVED] Home partition mounted with 'noexec'

veeall · 03-09-2021, 10:09 PM

Hi!
I don't remember what i might have changed, but now, in my slackware 14.2 system, i cannot run programs from my home partition, receiving 'permission denied' error. I noticed my home partition is mounted with noexec option, though it is not set in fstab:

Quote:

#/dev/sda1
PARTUUID="a9c7a7a1-01" swap swap defaults,discard 0 0
#/dev/sda3
PARTUUID="a9c7a7a1-03" / jfs defaults,noatime,discard 1 1
#/dev/sda4
PARTUUID="a9c7a7a1-04" /home ext4 rw,users,noatime,discard 1 2

#/dev/cdrom /mnt/cdrom auto noauto,owner,ro,comment=x-gvfs-show 0 0
#/dev/fd0 /mnt/floppy auto noauto,owner 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
proc /proc proc defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0

#tmpfs /tmp tmpfs defaults,size=50%,mode=1777 0 0
#tmpfs /var/tmp tmpfs defaults,size=10%,mode=1777 0 0

my /etc/mtab:

Quote:

/dev/sda3 / jfs rw,noatime,discard 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
tmpfs /dev/shm tmpfs rw 0 0
/dev/sda4 /home ext4 rw,noatime,noexec,nosuid,nodev,discard 1 2
gvfsd-fuse /home/m/.gvfs fuse.gvfsd-fuse rw,nosuid,nodev,user=m 0 0
/dev/sdc1 /media/sdc1 ext4 rw,nodev,nosuid,noexec,errors=remount-ro,user 0 0
/dev/sdb1 /media/sdb1 fuseblk rw,nosuid,nodev,noexec,allow_other,default_permissions,blksize=4096 0 0
/dev/sdd1 /media/android fuseblk rw,nosuid,nodev,allow_other,default_permissions,blksize=4096 0 0

/proc/mounts:

Quote:

/dev/root / jfs rw,noatime,discard=64 0 0
devtmpfs /dev devtmpfs rw,relatime,size=4043608k,nr_inodes=1010902,mode=755 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
tmpfs /run tmpfs rw,relatime,mode=755 0 0
devpts /dev/pts devpts rw,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /dev/shm tmpfs rw,relatime 0 0
cgroup_root /sys/fs/cgroup tmpfs rw,relatime,mode=755 0 0
cpuset /sys/fs/cgroup/cpuset cgroup rw,relatime,cpuset,clone_children 0 0
cpu /sys/fs/cgroup/cpu cgroup rw,relatime,cpu 0 0
cpuacct /sys/fs/cgroup/cpuacct cgroup rw,relatime,cpuacct 0 0
blkio /sys/fs/cgroup/blkio cgroup rw,relatime,blkio 0 0
memory /sys/fs/cgroup/memory cgroup rw,relatime,memory 0 0
devices /sys/fs/cgroup/devices cgroup rw,relatime,devices 0 0
freezer /sys/fs/cgroup/freezer cgroup rw,relatime,freezer 0 0
net_cls /sys/fs/cgroup/net_cls cgroup rw,relatime,net_cls 0 0
perf_event /sys/fs/cgroup/perf_event cgroup rw,relatime,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event 0 0
net_prio /sys/fs/cgroup/net_prio cgroup rw,relatime,net_prio 0 0
pids /sys/fs/cgroup/pids cgroup rw,relatime,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids 0 0
fusectl /sys/fs/fuse/connections fusectl rw,relatime 0 0
/dev/sda4 /home ext4 rw,nosuid,nodev,noexec,noatime,discard,data=ordered 0 0
cgmfs /run/cgmanager/fs tmpfs rw,relatime,size=100k,mode=755 0 0
gvfsd-fuse /home/m/.gvfs fuse.gvfsd-fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=100 0 0
/dev/sdc1 /media/sdc1 ext4 rw,nosuid,nodev,noexec,relatime,errors=remount-ro,data=ordered 0 0
/dev/sdb1 /media/sdb1 fuseblk rw,nosuid,nodev,noexec,relatime,user_id=0,group_id=100,default_permissions,allow_other,blksize=4096 0 0
tmpfs /run/firejail/dbus tmpfs rw,nosuid,nodev,noexec,relatime,mode=755 0 0
/dev/sdd1 /media/android fuseblk rw,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions,allow_other,blksize=4096 0 0

How should i resolve this? I would like to launch cli binaries and tor-browser or appimages from home partition.

veeall · 03-09-2021, 11:13 PM

Is it ok if i add 'exec' option into fstab?
Does it compromises the security?

veeall · 03-09-2021, 11:21 PM

Okey, i added 'exec'.

GazL · 03-10-2021, 04:14 AM

"users" implies "noexec", and you really don't want non-root users messing with /home anyway.

drumz · 03-10-2021, 08:47 AM

I'm pretty sure you want to remove the "users" option from your /etc/fstab file. From "man mount":

Code:

       users  Allow  any user to mount and to unmount the filesystem, even when some other
              ordinary user mounted it.  This option implies the options  noexec,  nosuid,
              and  nodev  (unless  overridden by subsequent options, as in the option line
              users,exec,dev,suid).

After removing option "users" (and remounting) your "exec" option will be back.

The reason you don't want "users" is that normal users shouldn't be mounting/unmounting /home. Only root should do that, and only at bootup/shutdown (in normal circumstances).