On Fri, 23 Nov 2012 13:12:57 -0600 Leonid Isaev <lisaev@xxxxxxxxxxxx> wrote: > In any case, even with noexec and fmask=0177, calling > "bash /media/<dir>/<script>" still works, so you must be doing > something wrong... I missed the tried sh part. You only need read for shell as bash is what has execute permissions. It would be good if interpreters honoured noexec or there was a nointerp flag but they don't. Of course you can wrap any interpreter easily enough to do this. Can you even open the script that failed with an editor and you did use /bin/sh script.sh and not . to execute, right. If you can read with root but not a user or not with root or not with either then it might be quite telling. If you can read with both then the output of mount would be needed and might be useful anyway.
