Disallow execution in home directory Is there any way to disallow file execution from home director in Linux? My target is to protect my system from malicious scripts etc. Sure, I can remove execution bit with chmod f...--prophetes.ai

Disallow execution in home directory Is there any way to disallow file execution from home director in Linux? My target is to protect my system from malicious scripts etc. Sure, I can remove execution bit with chmod for `/home/user` and all its subdirectories but it easy could be changed since `user` is owner of `/home/user`. So I think about enabling execution from `bin`, `/usr/bin`, `usr/sbin` only and disallow execution from other directories. My system is Debian 8.

1. if `/home` is a separate partition, you can mount it with the `noexec` option.

2. By doing this, you are destroying (or attempting to) much of the functionality of a unix system for your users as it disables ALL user-written scripts, not just "malicious" ones. Writing scripts to get stuff done is a perfectly normal thing for unix users to do.

3. It still doesn't stop them from writing scripts and executing them with `bash myscript.sh` or `perl myscript.pl` etc.

4. If you don't have at least minimal trust in your users, don't give them a shell, or give them a restricted shell such as `/bin/rbash` instead of `/bin/bash`.