Bonehead Move, noexec

Andy Green andy at warmcat.com
Fri Feb 16 11:07:49 UTC 2007


Tim wrote:
> On Thu, 2007-02-15 at 17:37 +0000, Andy Green wrote:
> 
>> Are there any other reasons to have partitions and LVM on boxes with
>> one storage device and no possibility for internal expansion?
> 
> I don't see much point of using LVM on a PC that can't possibly have
> more than one hard drive, but partitions do still have their uses.  You
> can mount certain things using file systems more efficient for the
> purpose, you can mount certain things with protective restrictions (such
> as noexec, nodev, etc.), and so on...

I guess that's a real benefit if you want to customize your fstab 
accordingly.  But I also guess few users who have multi partitions are 
doing this.  I think it is common mainly because it is the orthodoxy 
that admins with hair on their chest do it.

BTW I learnt on this list a year or two ago from someone that noexec 
can't be understood as generically stopping execution of anything from 
that mountpoint and can be a false comfort indeed.  Try this:

$ cp /bin/ls .
$ chmod -x ./ls
$ ls -l ./ls
-rw-r--r-- 1 user user 93560 Feb 16 11:01 ./ls
$ ./ls
bash: ./ls: Permission denied
$ /lib/ld-linux.so.2 ./ls
...

/tmp isn't nodev by default either, but you can change that if you were 
hardening it all up I suppose.  Point taken then, but it is pretty 
specialized and maybe not a reason for everyone to get LVM by default.

-Andy
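
A check for the mount restrictions discussed above (noexec, nodev, and the related nosuid), as an added example that is not part of the original post: it reads an fstab-format file and reports which of those options each listed mount point lacks. The mount-point list, the function names and the sample fstab are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit fstab-format input for restrictive mount options.
# WANTED_MOUNTS is an assumed policy for this example, not taken from the post.
WANTED_MOUNTS="/tmp /var/tmp /dev/shm"

# Constructed sample fstab (not from a real system).
sample_fstab() {
    cat <<'EOF'
# device                 mountpoint fstype options                      dump pass
/dev/VolGroup00/LogVol00 /          ext3   defaults                     1 1
LABEL=/boot              /boot      ext3   defaults                     1 2
/dev/VolGroup00/LogVol02 /tmp       ext3   defaults,nosuid              1 2
tmpfs                    /dev/shm   tmpfs  defaults,noexec,nodev,nosuid 0 0
/dev/VolGroup00/LogVol03 /home      ext3   defaults,nodev               1 2
EOF
}

# audit_fstab [FILE]: read FILE (or stdin) and print one line per wanted
# mount point: "ok", the options it is missing, or "not a separate mount".
audit_fstab() {
    awk -v wanted="$WANTED_MOUNTS" '
        BEGIN { n = split(wanted, w, " ")
                for (i = 1; i <= n; i++) want[w[i]] = 1 }
        $1 ~ /^#/ || NF < 4 { next }       # skip comments, blank/short lines
        ($2 in want) {
            seen[$2] = 1
            split("", has)                 # portable way to clear an array
            m = split($4, o, ",")
            for (i = 1; i <= m; i++) has[o[i]] = 1
            missing = ""
            if (!("noexec" in has)) missing = missing " noexec"
            if (!("nodev"  in has)) missing = missing " nodev"
            if (!("nosuid" in has)) missing = missing " nosuid"
            print $2 ": " (missing == "" ? "ok" : "missing" missing)
        }
        END { for (i = 1; i <= n; i++)
                  if (!(w[i] in seen)) print w[i] ": not a separate mount" }
    ' "${1:--}"
}

# Run against the constructed sample; on a real host: audit_fstab /etc/fstab
sample_fstab | audit_fstab
```

A mount point reported as "not a separate mount" inherits the options of its parent file system, so it cannot be restricted on its own without its own fstab entry.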



