ubuntu20.04 bind mount always setting noexec

Question

I have a folder that I'm mounting via /etc/fstab with an entry like this:

/m/svr/usrlocal/bin     /usr/local/bin2     none exec,bind 0 0

When I mount this folder, syslog produces no error message or comment, and the folder is mounted, as can be seen by findmnt --real:

> findmnt --real|grep usr.local.bin2
├─/usr/local/bin2              /dev/sda2[/svr/usrlocal/bin]     fuseblk  rw,nosuid,nodev,noexec,relatime,user_id=0,group_id=0,allow_other,blksize=4096

The problem I have, is that, as can be seen above, the folder is mounted with "noexec" permissions, in spite of my specifying exec on the fstab line. I have tried this with 'exec,defaults' and defaults (without specifying exec) and several other combinations, but to no avail. No error message, but I also don't get what I want. (/usr/local/bin2/scriptname always returns access denied error.)

Is there a way, with bind mount on ubuntu 20.04, to mount a folder with execute permissions?

ADDITIONAL INFORMATION

The directory to which I'm mounting, is in the root filesystem of the server. Its permissions are already set to drwxrwxr-x

When I add remount to the options as in the following, I get this error when trying to mount: "mount: /usr/local/bin2: mount point not mounted or bad option."

/m/svr/usrlocal/bin     /usr/local/bin2    none remount,exec,bind 0 0

Here is the full output of "mount" without options:

sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,nosuid,noexec,relatime,size=32827460k,nr_inodes=8206865,mode=755,inode64)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,relatime,size=6572748k,mode=755,inode64)
/dev/sdc2 on / type ext4 (rw,relatime,errors=remount-ro)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,inode64)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k,inode64)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755,inode64)
cgroup2 on /sys/fs/cgroup/unified type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,nosuid,nodev,noexec,relatime)
bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/misc type cgroup (rw,nosuid,nodev,noexec,relatime,misc)
cgroup on /sys/fs/cgroup/rdma type cgroup (rw,nosuid,nodev,noexec,relatime,rdma)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=28,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=13971)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime)
tracefs on /sys/kernel/tracing type tracefs (rw,nosuid,nodev,noexec,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime)
configfs on /sys/kernel/config type configfs (rw,nosuid,nodev,noexec,relatime)
/var/lib/snapd/snaps/bare_5.snap on /snap/bare/5 type squashfs (ro,nodev,relatime,errors=continue,x-gdu.hide)
/var/lib/snapd/snaps/gnome-3-38-2004_115.snap on /snap/gnome-3-38-2004/115 type squashfs (ro,nodev,relatime,errors=continue,x-gdu.hide)
/var/lib/snapd/snaps/vlc_3078.snap on /snap/vlc/3078 type squashfs (ro,nodev,relatime,errors=continue,x-gdu.hide)
/var/lib/snapd/snaps/core18_2679.snap on /snap/core18/2679 type squashfs (ro,nodev,relatime,errors=continue,x-gdu.hide)
/var/lib/snapd/snaps/core18_2697.snap on /snap/core18/2697 type squashfs (ro,nodev,relatime,errors=continue,x-gdu.hide)
/var/lib/snapd/snaps/gnome-3-38-2004_119.snap on /snap/gnome-3-38-2004/119 type squashfs (ro,nodev,relatime,errors=continue,x-gdu.hide)
/var/lib/snapd/snaps/gnome-3-34-1804_77.snap on /snap/gnome-3-34-1804/77 type squashfs (ro,nodev,relatime,errors=continue,x-gdu.hide)
/var/lib/snapd/snaps/core20_1778.snap on /snap/core20/1778 type squashfs (ro,nodev,relatime,errors=continue,x-gdu.hide)
/var/lib/snapd/snaps/gtk-common-themes_1534.snap on /snap/gtk-common-themes/1534 type squashfs (ro,nodev,relatime,errors=continue,x-gdu.hide)
/var/lib/snapd/snaps/core20_1822.snap on /snap/core20/1822 type squashfs (ro,nodev,relatime,errors=continue,x-gdu.hide)
/var/lib/snapd/snaps/vlc_2344.snap on /snap/vlc/2344 type squashfs (ro,nodev,relatime,errors=continue,x-gdu.hide)
/var/lib/snapd/snaps/snap-store_638.snap on /snap/snap-store/638 type squashfs (ro,nodev,relatime,errors=continue,x-gdu.hide)
/var/lib/snapd/snaps/snapd_17950.snap on /snap/snapd/17950 type squashfs (ro,nodev,relatime,errors=continue,x-gdu.hide)
/var/lib/snapd/snaps/snap-store_599.snap on /snap/snap-store/599 type squashfs (ro,nodev,relatime,errors=continue,x-gdu.hide)
/var/lib/snapd/snaps/snapd_18357.snap on /snap/snapd/18357 type squashfs (ro,nodev,relatime,errors=continue,x-gdu.hide)
/var/lib/snapd/snaps/gtk-common-themes_1535.snap on /snap/gtk-common-themes/1535 type squashfs (ro,nodev,relatime,errors=continue,x-gdu.hide)
/var/lib/snapd/snaps/gnome-3-34-1804_72.snap on /snap/gnome-3-34-1804/72 type squashfs (ro,nodev,relatime,errors=continue,x-gdu.hide)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,nosuid,nodev,noexec,relatime)
/dev/sdb1 on /v type fuseblk (rw,nosuid,nodev,noexec,relatime,user_id=0,group_id=0,allow_other,blksize=4096,user)
/dev/sdc1 on /boot/efi type vfat (rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
/dev/sda2 on /m type fuseblk (rw,nosuid,nodev,noexec,relatime,user_id=0,group_id=0,allow_other,blksize=4096,user)
/dev/sda2 on /usr/local/backups type fuseblk (rw,nosuid,nodev,noexec,relatime,user_id=0,group_id=0,allow_other,blksize=4096)
/dev/sda2 on /usr/local/etc type fuseblk (rw,nosuid,nodev,noexec,relatime,user_id=0,group_id=0,allow_other,blksize=4096)
/dev/sda2 on /usr/local/log type fuseblk (rw,nosuid,nodev,noexec,relatime,user_id=0,group_id=0,allow_other,blksize=4096)
/dev/sda2 on /usr/local/src type fuseblk (rw,nosuid,nodev,noexec,relatime,user_id=0,group_id=0,allow_other,blksize=4096)
/dev/sdd2 on /5TBU type fuseblk (rw,nosuid,nodev,noexec,relatime,user_id=0,group_id=0,allow_other,blksize=4096,user)
//nas-1/NAS1-Plex on /m/svr/Media/Plex_NAS1 type cifs (rw,nosuid,nodev,noexec,relatime,vers=3.0,sec=ntlmssp,cache=strict,username=dennis,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.1.7,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,noperm,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=60,actimeo=1,user)
tmpfs on /run/user/125 type tmpfs (rw,nosuid,nodev,relatime,size=6572744k,mode=700,uid=125,gid=130,inode64)
gvfsd-fuse on /run/user/125/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=125,group_id=130)
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=6572744k,mode=700,uid=1000,gid=1000,inode64)
gvfsd-fuse on /run/user/1000/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)
//hpmicro1/share on /o type cifs (rw,nosuid,nodev,noexec,relatime,vers=3.0,sec=ntlmssp,cache=strict,username=dennis,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.1.5,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,noperm,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=60,actimeo=1,user)
/dev/sda2 on /usr/local/bin2 type fuseblk (rw,nosuid,nodev,noexec,relatime,user_id=0,group_id=0,allow_other,blksize=4096)

Here is the output of findmnt --real

> findmnt --real
TARGET                         SOURCE            FSTYPE   OPTIONS
/                              /dev/sdc2         ext4     rw,relatime,errors=remount-ro
├─/sys/kernel/tracing          tracefs           tracefs  rw,nosuid,nodev,noexec,relatime
├─/snap/bare/5                 /dev/loop0        squashfs ro,nodev,relatime,errors=continue
├─/snap/gnome-3-38-2004/115    /dev/loop2        squashfs ro,nodev,relatime,errors=continue
├─/snap/vlc/3078               /dev/loop3        squashfs ro,nodev,relatime,errors=continue
├─/snap/core18/2679            /dev/loop1        squashfs ro,nodev,relatime,errors=continue
├─/snap/core18/2697            /dev/loop4        squashfs ro,nodev,relatime,errors=continue
├─/snap/gnome-3-38-2004/119    /dev/loop5        squashfs ro,nodev,relatime,errors=continue
├─/snap/gnome-3-34-1804/77     /dev/loop6        squashfs ro,nodev,relatime,errors=continue
├─/snap/core20/1778            /dev/loop10       squashfs ro,nodev,relatime,errors=continue
├─/snap/gtk-common-themes/1534 /dev/loop8        squashfs ro,nodev,relatime,errors=continue
├─/snap/core20/1822            /dev/loop11       squashfs ro,nodev,relatime,errors=continue
├─/snap/vlc/2344               /dev/loop9        squashfs ro,nodev,relatime,errors=continue
├─/snap/snap-store/638         /dev/loop7        squashfs ro,nodev,relatime,errors=continue
├─/snap/snapd/17950            /dev/loop12       squashfs ro,nodev,relatime,errors=continue
├─/snap/snap-store/599         /dev/loop14       squashfs ro,nodev,relatime,errors=continue
├─/snap/snapd/18357            /dev/loop15       squashfs ro,nodev,relatime,errors=continue
├─/snap/gtk-common-themes/1535 /dev/loop13       squashfs ro,nodev,relatime,errors=continue
├─/snap/gnome-3-34-1804/72     /dev/loop16       squashfs ro,nodev,relatime,errors=continue
├─/v                           /dev/sdb1         fuseblk  rw,nosuid,nodev,noexec,relatime,user_id=0,group_id=0,allow_other,blksize=4096
├─/boot/efi                    /dev/sdc1         vfat     rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro
├─/m                           /dev/sda2         fuseblk  rw,nosuid,nodev,noexec,relatime,user_id=0,group_id=0,allow_other,blksize=4096
│ └─/m/svr/Media/Plex_NAS1     //nas-1/NAS1-Plex cifs     rw,nosuid,nodev,noexec,relatime,vers=3.0,sec=ntlmssp,cache=strict,username=dennis,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.1.7,file_mode=0755,dir
├─/usr/local/backups           /dev/sda2[/svr/usrlocal/backups]
│                                                fuseblk  rw,nosuid,nodev,noexec,relatime,user_id=0,group_id=0,allow_other,blksize=4096
├─/o                           //hpmicro1/share  cifs     rw,nosuid,nodev,noexec,relatime,vers=3.0,sec=ntlmssp,cache=strict,username=dennis,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.1.5,file_mode=0755,dir                                             
├─/usr/local/etc               /dev/sda2[/svr/usrlocal/etc]
│                                                fuseblk  rw,nosuid,nodev,noexec,relatime,user_id=0,group_id=0,allow_other,blksize=4096
├─/usr/local/log               /dev/sda2[/svr/usrlocal/log]
│                                                fuseblk  rw,nosuid,nodev,noexec,relatime,user_id=0,group_id=0,allow_other,blksize=4096
├─/usr/local/src               /dev/sda2[/svr/usrlocal/src]
│                                                fuseblk  rw,nosuid,nodev,noexec,relatime,user_id=0,group_id=0,allow_other,blksize=4096
├─/usr/local/bin2              /dev/sda2[/svr/usrlocal/bin]
│                                                fuseblk  rw,nosuid,nodev,noexec,relatime,user_id=0,group_id=0,allow_other,blksize=4096
└─/5TBU                        /dev/sdd2         fuseblk  rw,nosuid,nodev,noexec,relatime,user_id=0,group_id=0,allow_other,blksize=4096

~

What filesystem are you trying to mount? Where are you trying to mount it? What happens if you do chmod 755 <your_directory>? — tukan, Commented Feb 20, 2023 at 8:09
Bind mounting silently ignores all options and just uses the source path mount options. Try as a workaround to add the option of remount. — harrymc, Commented Feb 20, 2023 at 9:15
Thank you for your responses. I Have updated the question with the results from your suggestions. Still looking for a workable solution. — Dennis, Commented Feb 20, 2023 at 14:01
@harrymc please make your comment into an answer (minus the remount bit) and I will accept it. I misread initially, thinking you were saying that I couldn't override the attributes of the mount-point-parent. But you meant that I cannot override the attributes of the mounted-directory-parent, which turns out to be the culprit here. (Can be seen above: /m is mounted with noexec, so anything under /m cannot be mounted with exec.) — Dennis, Commented Feb 20, 2023 at 14:31

harrymc · Accepted Answer · 2023-02-20 14:39:12Z

0

+50

This subject is treated in depth in the article Read-only bind mounts.

In short, a mount-point that is partial to a parent cannot override the parent's attributes, so will inherit them from the parent, in effect ignoring all the specified options for the mount-point that conflict with the parent's.

The linked article shows a workaround method when using the bind command, but which does not apply to /etc/fstab.

answered Feb 20, 2023 at 14:39

harrymc

1

1

Regarding --bind -o ro, it's no longer true with recent kernels. Not sure how recent you need, but it has worked for quite a while AFAIK. (After all, the article is ancient.) But indeed apparently the "workaround" (i.e. -o remount) does apply to the [no]exec case as well. (Interestingly btw, when I just tested, an ro bind mount somehow seems to automatically ignore the noexec on the source. Wonder if that's a bug or some intentional convenience.)
– Tom Yan
Commented Feb 20, 2023 at 15:03
Excellent, @harrymc! Thank you!
– Dennis
Commented Feb 24, 2023 at 1:34
Thanks for your additional commentary, @TomYan - very helpful! :)
– Dennis
Commented Feb 24, 2023 at 1:37

Add a comment |

Stack Exchange Network

ubuntu20.04 bind mount always setting noexec

1 Answer 1

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged
mount
.

Hot Network Questions

ubuntu20.04 bind mount always setting noexec

1 Answer 1

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged mount.

Related

Hot Network Questions

Not the answer you're looking for? Browse other questions tagged
mount
.