Operating System - HP-UX

making a file/script unreadable to others

 
Narasimham
Advisor

Can we make a UNIX script unreadable (but executable) to other users even though the file has all permissions?

Thanks in advance
Narasimham
6 REPLIES
Francois Bariselle_3
Regular Advisor

Re: making a file/script unreadable to others

Hi,

Give this permission to your file script:

-rwx--x--x :
See the manual about chmod. man chmod

Frank.
Fais la ...
John Carr_2
Honored Contributor

Re: making a file/script unreadable to others

Hi

chmod 711 scriptfilename

John.
James R. Ferguson
Acclaimed Contributor

Re: making a file/script unreadable to others

Hi:

There is a "dirty" way to achieve what you want. You need to establish your script as a 'setuid' script. Consider this script:

#!/usr/bin/sh
id
exit 0

Call the script 'my.sh' and do:

# chown root my.sh
# chmod 4111 my.sh

*Anyone* can now execute the script, but only 'root' can read or write the script.

Regards!

...JRF...
Jeff Schussele
Honored Contributor

Re: making a file/script unreadable to others

I respectfully disagree with the 711 perm - a script cannot be executed if it cannot be read - JRF has it right - SUID is the way to go - although 4711 should be just as safe as long as root:sys owns it and would be necessary if someone other than root owned it & was required to own the process no matter who executes.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Darrell Allen
Honored Contributor

Re: making a file/script unreadable to others

Hi Narasimham,

To add to JRF's good answer...

Not only is it a good practice to specify the command / shell to use to interpret the script on the first line of the script, it is required for JRF's answer to work.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
David Lodge
Trusted Contributor

Re: making a file/script unreadable to others

As a further note. Under HP-UX 11 (and most modern unices) you *can* execute a script without read permissions.

This used to not be the case, but many unix developers have decided to allow it.

I would try and avoid SUID scripts if possible - simply because they allow the possibility of security flaws such as race conditions, break-outs etc...

dave
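
An audit sketch for the permission layouts discussed in this thread (711, the setuid 4111/4711 variants, and ordinary readable scripts), added here as an example and not posted by any participant. The function names and verdict labels are assumptions; run it as root so the first two bytes of files the auditor could not otherwise read can be inspected.

```shell
#!/bin/sh
# Added example: flag interpreter scripts whose permissions match the
# layouts debated above. Names and verdict labels are hypothetical.

# classify MODE MAGIC
#   MODE  = 10-character mode string as printed by ls -l (e.g. -rwx--x--x)
#   MAGIC = first two bytes of the file
# Prints one of: not-script, setid-script, exec-noread, ok
classify() {
    c_mode=$1
    c_magic=$2
    # Only files that start with "#!" are run through an interpreter.
    if [ "$c_magic" != '#!' ]; then
        echo not-script
        return 0
    fi
    case $c_mode in
        # s/S in the owner or group execute slot: setuid/setgid script
        ???[sS]*|??????[sS]*) echo setid-script ;;
        # "others" may execute but not read (the 711 layout)
        ???????-?[xt]*)       echo exec-noread ;;
        *)                    echo ok ;;
    esac
}

# audit_dir DIR
#   Walks DIR and prints "verdict<TAB>mode<TAB>path" for every script that
#   is setuid/setgid or execute-only for others. Binaries are skipped.
audit_dir() {
    find "$1" -type f -perm -0100 2>/dev/null | while IFS= read -r a_file; do
        a_mode=$(ls -ld "$a_file" | cut -c1-10)
        # Unreadable file (auditor is not root): treat the magic as unknown.
        a_magic=$(dd if="$a_file" bs=2 count=1 2>/dev/null) || a_magic=''
        a_verdict=$(classify "$a_mode" "$a_magic")
        case $a_verdict in
            setid-script|exec-noread)
                printf '%s\t%s\t%s\n' "$a_verdict" "$a_mode" "$a_file" ;;
        esac
    done
}

# Usage: audit_dir /usr/local/bin
```
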