On 02/15/2017 08:47 AM, Valeri Galtsev wrote: > And yes, ALL user writable places (including often overlooked /dev/shm) > are mounted with nosuid, nosgid, nodev, noexec options on servers where > users are allowed to have shell. How sure are you? On the system I'm looking at right now, any user can write to: /dev/mqueue /dev/shm /run/user/<uid> /run/screen/S-<user> /var/spool/samba /home/<user> /tmp /var/tmp Notably, the "screen" and "samba" locations only appear when the respective packages are installed, so the places users can write may vary from system to system.