HPE Community
Operating System - HP-UX
1831435 Members
3404 Online
110025 Solutions
New Discussion

making a file/script unreadable to others

 
Narasimham
Advisor

‎04-12-2002 10:58 AM

‎04-12-2002 10:58 AM

making a file/script unreadable to others

can we make a UNIX script unreadable (but executable) to other users even though the file has all permissions.

Thanks in advance
Narasimham
0 Kudos
Reply
6 REPLIES 6
Francois Bariselle_3
Regular Advisor

‎04-12-2002 11:32 AM

‎04-12-2002 11:32 AM

Re: making a file/script unreadable to others

Hi,

Give this permission to your file script:

-rwx--x--x :
See the manual abouth chmod. man chmod

Frank.
Fais la ...
0 Kudos
Reply
John Carr_2
Honored Contributor

‎04-12-2002 11:32 AM

‎04-12-2002 11:32 AM

Re: making a file/script unreadable to others

Hi

chmod 711 scriptfilename

John.
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎04-12-2002 11:56 AM

‎04-12-2002 11:56 AM

Re: making a file/script unreadable to others

Hi:

There is a "dirty" way to achieve what you want. You need to establish your script as a 'setuid' script. Consider this script:

#/usr/bin/sh
id
exit 0

Call the script 'my.sh' and do:

# chown root my.sh
# chmod 4111 my.sh

*Anyone* can now execute the script, but only 'root' can read or write the script.

Regards!

...JRF...
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎04-12-2002 12:16 PM

‎04-12-2002 12:16 PM

Re: making a file/script unreadable to others

I respectfully disagree with the 711 perm - a script cannot be executed if it cannot be read - JRF has it right - SUID is the way to go - although 4711 should be just as safe as long as root:sys owns it and would be necessary if someone other than root owned it & was required to own the process no matter who executes.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Darrell Allen
Honored Contributor

‎04-12-2002 12:16 PM

‎04-12-2002 12:16 PM

Re: making a file/script unreadable to others

Hi Narasimham,

To add to JRF's good answer...

Not only is it a good practice to specify the command / shell to use to interpret the script on the first line of the script, it is required for JRF's answer to work.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
0 Kudos
Reply
David Lodge
Trusted Contributor

‎04-12-2002 11:46 PM

‎04-12-2002 11:46 PM

Re: making a file/script unreadable to others

As a further note. Under HP-UX 11 (and most modern unices) you *can* execute a script without read permissions.

This used to not be the case, but many unix developers have decided to allow it.

I would try and avoid SUID scripts if possible - simply because they allow the possibility of security flaws such as race conditions, break-outs etc...

dave
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.