I'd created a script: -
vi /tmp/sayHello.sh
#!/bin/bash
echo "Hello World!"
and made it executable: -
chmod +x /tmp/sayHello.sh
and validated it: -
ls -al /tmp/sayHello.sh
-rwxrwxr-x 1 daveh daveh 32 Feb 11 14:53 /tmp/sayHello.sh
but, when I tried to execute it: -
/tmp/sayHello.sh
-bash: /tmp/sayHello.sh: Permission denied
I even tried as root: -
su -
whoami
root
ls -al /tmp/sayHello.sh
-rwxrwxr-x 1 daveh daveh 32 Feb 11 14:53 /tmp/sayHello.sh
/tmp/sayHello.sh
-bash: /tmp/sayHello.sh: Permission denied
It took me a while .... with the kind support of a colleague ... to realise where I was going wrong.
I had ASSUMED that there'd be no issue running a script from /tmp ......
You know what they say about assumptions, right ?
It transpired that, for this particular Ubuntu box, the /tmp file-system was mounted with the noexec bit set.
This was evidenced via the mount command, which returned: -
...
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noexec,relatime,mode=777)
...
I simulated the same situation with a RHEL box: -
mkdir /foobar
vi /foobar/sayHello.sh
#!/bin/bash
echo "Hello World!"
chmod +x /foobar/sayHello.sh
mkdir /snafu
mount -o bind /foobar /snafu
/snafu/sayHello.sh
Hello World!
mount -o remount,noexec,nosuid,nodev,bind /foobar/ /snafu
/snafu/sayHello.sh
-bash: /snafu/sayHello.sh: Permission denied
In this example, I'm using mount -o bind and mount -o remount to simulate the /tmp file-system on the Ubuntu boxen, rather than creating a new file-system.
However, the point remains the same - I did not know about the noexec ( and corresponding nosuid and nodev mount options - as evidenced here: -
/dev/mapper/rhel-root on /snafu type xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,noquota)
No comments:
Post a Comment