Where do you generally put custom shell scripts (security-wise)?
That's it. I've tried various locations in the past, including /usr/local/bin, /usr/local/sbin, usr/local/bin/myscripts, /home/myaccount/bin... I just can't find any place completely satisfying. The point is: I do not want to put custom shell scripts in /home partition because much of these are systemwide admin scripts, and also because I mount my /home filesystem with noexec option following the security considerations. I do find it logical to put those in /usr/local/bin (and some of them in /usr/local/sbin), however I hesitate doing so as it conflicts with the point of mounting /usr partition readonly, and as many programs place their binaries in /usr/local/bin by default, making too much clutter. I assume I could deal with the latter by using a dedicated subdir like /usr/local/bin/scripts or the like (or specifying --prefix=/usr compile-time option to the programs' .configure scripts, albeit doing so possibly conflicts with the FHS), however ad-hoc remounting /usr readwrite whenever I intend to write, test and debug a script (and remounting readonly again when the job is done) simply isn't too feasible a solution, and not much secure either (in my opinion that is). Is there any known commonly agreed-upon practice for the placement of custom shell scripts, that is as much secure and as much distribution-agnostic as possible? I'd like to hear your opinions.
Thanks for your time,