HPE Community
Operating System - HP-UX
1834204 Members
2580 Online
110066 Solutions
New Discussion

How to prevent a file being execute by sh ?

 
SOLVED
Go to solution
Kennethyap
Frequent Advisor

‎05-31-2006 03:17 PM

‎05-31-2006 03:17 PM

How to prevent a file being execute by sh ?

Dear Experts,
I hv a file, how to disable the file being using execute using sh ?

kenneth...
0 Kudos
Reply
7 REPLIES 7
A. Clay Stephenson
Acclaimed Contributor

‎05-31-2006 03:36 PM

‎05-31-2006 03:36 PM

Re: How to prevent a file being execute by sh ?

Essentially, if a user has access to the shell and permission to the file, you can't. If this program is a true executable (i.e not simply a script) then all the user needs is the execute bit set. If this is a shell script then at least the read bit must be set as well -- and in this case the execute bit makes it possible to directly execute the script rather than having to execute it as "sh myscript.sh".

Now, the way to prevent this is to make the file executable only by members of a certain group and to then disable the other execute and/or read bits. Another approach is to really restrict the permissions and then only allow execution under the control of sudo.
If it ain't broke, I can fix that.
0 Kudos
Reply
Kennethyap
Frequent Advisor

‎05-31-2006 04:00 PM

‎05-31-2006 04:00 PM

Re: How to prevent a file being execute by sh ?

Can it add any script or line in to that file to prevent using sh to execute ?
0 Kudos
Reply
Peter Nikitka
Honored Contributor

‎05-31-2006 07:39 PM

‎05-31-2006 07:39 PM

Re: How to prevent a file being execute by sh ?

Hi,

of course you can put a statement

exit 0

at the beginning of this script or flag it
#!/bin/false

but this would make the script useless and to refuses changes back would require restricting access rights - which better fit for simply disallowing execution and reading without having to change the content of the script.

If you really do not want to have a script executed, crypt it or better remove it.

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
0 Kudos
Reply
TKeller
Frequent Advisor

‎06-01-2006 06:09 AM

‎06-01-2006 06:09 AM

Re: How to prevent a file being execute by sh ?

You could add a few more checks to your script (assuming it's a shell script in my examples).

The only real method I can think of is to add a LOGNAME and PPID (with according awk checks) check (both should match and someone didn't just change their LOGNAME variable to whatever your script would allow).

Other than simplistic checks like that, which can be bypassed, I'd take the advice of the previous posters.
It is said you should treat your body like a temple. I treat mine like an amusement park.
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎06-01-2006 12:46 PM

‎06-01-2006 12:46 PM

Re: How to prevent a file being execute by sh ?

Is this a script that is only to be run by ksh or some other shell? If so, you are missing the interpreter line at the beginning of the script:

#!/usr/bin/ksh

All scripts should have this line. Otherwise, when you run a script without the directive, the current shell (whatever it is) will run the script.


Bill Hassell, sysadmin
0 Kudos
Reply
Kenan Erdey
Honored Contributor

‎06-01-2006 06:33 PM

‎06-01-2006 06:33 PM

Re: How to prevent a file being execute by sh ?

hi;

shell=`ps -fp $$|tail -1|awk '{print $(NF-1)}'`
if [ "$shell" = "sh" ]
then
exit
fi
Computers have lots of memory but no imagination
0 Kudos
Reply
Raj D.
Honored Contributor

‎06-01-2006 06:58 PM

‎06-01-2006 06:58 PM

Solution

Re: How to prevent a file being execute by sh ?

Kennethyap,

Just wondering why do you need this kind of settings. You can use restricted shell rsh , and can use # chmod ugo-x filename to remove the executaion flag.


Cheers,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.