30/06/2010 14:03 +0200, Gasser Marc wrote: > Hi, Hi Marc, > when I insert a disc in my cdrom on SL51 it is > mounted automatically with option noexec (autofs is not running, no entry > for /dev/cdrom in fstab). > > How can I change this behaviour, e.g. I'd like to have it > in exec mode. Yes, of course, old good times of /etc/fstab for external device mounting are gone and now we are in the power of UDev/HAL/Gnome-VFS hells magic. Many thanks for David and Jon for good explanation of changing of default behavior of ext. storage mounting, but we must keep in mind about serious security problems of such solutions: 'noexec' mounting is great wall from malicious code from external untrusted sources, viruses, trojans and so on. Just take a look, for example, in this presentation: http://people.redhat.com/sgrubb/files/hardening-rhel5.pdf My 5 cents about another possible ways for this problem solving: 1. The simplest way for the single-use 'exec' mount is a just remounting: mount -o remount,exec /dev/cdrom 2. The more convenient way, especially for setting up device drivers or 3-rd party software, is a using a 'autorun' standard mechanism. RHEL provide this one by additional_cds fristboots plugin -- it mount CD/DVD at 'exec' mode, find 'autorun' script and run it. In SL this plugin removed by 'sl-release' package. Troy, what do you think, me be this possibility will be useful for SL-users -- some of HW vendors (Samsung, for ex.) now put such installers on device drivers media? In addition to fristboot plugin we made a special package for running of 'autorun' scripts in a users session: http://downloads.naulinux.ru/pub/NauLinux/5.5/i386/SL/run_autorun-1.1-1.Nau5x.noarch.rpm http://downloads.naulinux.ru/pub/NauLinux/5x/SRPMS/run_autorun-1.1-1.Nau5x.src.rpm It's run by consolehelper wrapper and ask root's password from user as a protection from fool, look to hal-mounted devices, search 'autorun' scripts, remount to 'exec'-mode, run 'autorun' and remount storage once again to 'noexec'-mode. Of course, we have a dangerous period during 'exec' mounting stage in multi-user environments, but it seems the least harm in comparison with 'exec'-mounting by default. > Regards, > > Marc Best wishes, --Oleg