topic Re: Securing script in Operating System - HP-UX

Securing script

Yajuvendra Singh — Fri, 02 Dec 2005 04:10:53 GMT

Dear all,

I have written a script, but I dont want everyone to view and alter. The problem I am facing like If i hide that script puting 'dot' infront of it, script is not executable. How to excute the hidden scripts.

Re: Securing script

RAC_1 — Fri, 02 Dec 2005 04:21:57 GMT

Every file is executable (whether hidden or open and is really a executable) as long as it has execute perms for it.

ll "file" to know perms set on it.

Re: Securing script

Sยภเl Kย๓คг — Sat, 03 Dec 2005 04:41:49 GMT

Hi,
In unix there is no files called executables, like windows has .exe files. File Permissions are the one which will deffrentiate wether the file is executable or not.
U said that, u have made file hidden by inserting a '.' chatacter in the beginning of the filename. How ever this won't serve your purpose, as anyone gives an 'ls -a', will displays all hidden files in that direcory.

It is better you can setappropriate file permissons to that script so, no user other than root can execute that file.

some thing like $chmod 700 . this will exnure that only the owner of the file has full permissions, read/write and execute on that file.[exept root no other users in the system can read or change or execute the script]

Regards,
Sunil

Re: Securing script

Steven E. Protter — Sat, 03 Dec 2005 12:53:27 GMT

Shalom Yajuvendra Singh,

After making a script.

chmod 700 scriptname

Now only I(root) can do anything to it or with it.

If others need to execute it:

chmod a+x scriptname

Now everyone can execute it.

Usually to execute it you need to be able to read it so use:

chmod a+wx scriptname

In that circumstance.

SEP

Re: Securing script

Bill Hassell — Sat, 03 Dec 2005 18:05:47 GMT

The dot (as the first character) simply limits the ability to 'see' the file's existence using simple commands like ls or ll or echo *. But as mentioned, the -a option will find all files including those that start with a dot. Putting a dot in front does not remove execution capability, it just makes it slightly harder to find the script.

I think you meant that you don't want users to change or read the file. That is two very different problems. Denying change to the file is easy: just remove the w for group and other, permission number = 755. The second limitation (read) is not possible to remove. If you make the file 755, users can run the script but not change it. But because scripts are interpreted, your shell must be able to read the script in order to run it. If you make the script 700 permission, only the owner can read, write and excute the script.

Re: Securing script

Geoff Wild — Sun, 04 Dec 2005 11:42:34 GMT

If you really don't want someone (easily) to know the contents of a script - then the only other option you have is to convert it to C - and compile it....

Rgds...Geoff

Re: Securing script

Raj D. — Mon, 05 Dec 2005 13:18:59 GMT

Hi Yajuvendra ,

You need to make it executable by assigning the x flag , to owner , group or other , as you want it to be.

# chmod +x .scriptname

And also a best option to hide it , to write the same program in c code and compile it. You are done.

Cheers,
Raj.

Re: Securing script

Yajuvendra Singh — Wed, 07 Dec 2005 01:07:01 GMT

Dear all,

Thanks for everyone for your valuable time sharing knowledge. Really the solutions were very much helpfull to me.

Can please anyone tell me how to assign points and close the issue.

Thank you.

Re: Securing script

Muthukumar_5 — Wed, 07 Dec 2005 01:11:51 GMT

You can change permission to 700 with chmod to the script or build a c file with system command to execute those shell script.

To assign points, in the right end a drop down box with points there.. Assign those points and come down to this thread and click assign points.

It will make it.

hth.

Re: Securing script

Muthukumar_5 — Wed, 07 Dec 2005 01:13:18 GMT

FAQ section to say about assigning points is as,

http://forums1.itrc.hp.com/service/forums/helptips.do?#33

-Muthu

Re: Securing script

Yajuvendra Singh — Sun, 18 Dec 2005 13:11:45 GMT

Dear all,

I am thankfull to for providing me usefull information of securing a file(or script).

Especially few information were really good and imbibable.

Thank you once again and I look forward for the same in future.