are you saying if a user has access to vim and gcc, can they not compile and run software? though I suppose if everything they have access to is noexec...
Printable View
are you saying if a user has access to vim and gcc, can they not compile and run software? though I suppose if everything they have access to is noexec...
Yes, they can still compile their programs. But because of the noexec bit they cannot execute the resulting binary (or scripts for that matter).
If you're that worried about your security I highly recommend removing gcc from production machines.
I agree.... 'chmod' does all my job for my machine which is frequently shared with my friends. they try all they can to delete or modify contents from a directory which is shared but read only. There are some softwares in that directory for my use but thay cannot execute it.
Even though this is of course not a n enetreprise scenario, but then it is all the same case. 'chmod' is good enough to protect the files.