If I have multiuser Linux installation with shell and DE access, my users have not places in system, where they able download something from internet and execute: / ro,exec /home rw,noexec /var rw,noexec All tmpfs noexec In Debian wheezy this done and work. In Debian jessie I have places (/run/users/*), where users may execute dowloaded executables. What I must do with this? Sorry my english. <div class="gmail_quote">16.02.2015 14:10 пользователь "Lennart Poettering" <<a href="mailto:lennart@poettering.net">lennart@poettering.net</a>> написал: <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">B1;3802;0cOn Sun, 15.02.15 16:31, Павел Самсонов (<a href="mailto:pvsamsonov76@gmail.com">pvsamsonov76@gmail.com</a>) wrote: > Good day, I see a new Debian jessie, and I mean, that /var/run/<pid> > filesystems must be mounted with noexec options, so thay have user write > access. On some installations this very important. Were I may configure > this, or may be You change your default mount options? > Sorry my English, best regards, Pavel, Russia. I cannot parse this. Do you mean /run/user/<uid>? /var/run/<pid> is not a separate mount, /run is, and that is not user writable. The /run/user/<uid> directory is mounted to implement XDG_RUNTIME_DIR. We guarantee certain functionality on it, including the ability to have executable files there, and that's specified in the XDG_RUNTIME_DIR spec. Hence, the only way to change it is by patching logind, and we will not add a configuration option for this, since it would mean XDG_RUNTIME_DIR would not provide what it's supposed to provide anymore. Note though that /run/user/<uid> is mounted as per-user tmpfs instance, with nosuid and nodev, and a size limit applied. It should hence be a pretty safe thing. Also note that "noexec" doesn't really do what people think it does. Lennart -- Lennart Poettering, Red Hat </blockquote></div>