HPE Community
Operating System - HP-UX
1819761 Members
2953 Online
109606 Solutions
New Discussion юеВ

Re: Setting Execute-Only Permission on a Unix Shell Script for Group & Others

 
Ravi S. Banda
Regular Advisor

тАО01-18-2007 08:32 AM

тАО01-18-2007 08:32 AM

Setting Execute-Only Permission on a Unix Shell Script for Group & Others

How do I set Execute-Only Permission on a Unix Shell Script for Group & Others?

I would like the group and "others" to be able to just execute my shell script, but not be able to read the shell script.

Could you tell me how I could accomplish it?
Thanks!
0 Kudos
Reply
15 REPLIES 15
Sandman!
Honored Contributor

тАО01-18-2007 08:35 AM

тАО01-18-2007 08:35 AM

Re: Setting Execute-Only Permission on a Unix Shell Script for Group & Others

# chmod go-r-w+x filename
0 Kudos
Reply
Rick Garland
Honored Contributor

тАО01-18-2007 08:39 AM

тАО01-18-2007 08:39 AM

Re: Setting Execute-Only Permission on a Unix Shell Script for Group & Others

chmod 111 $FILE
would give perms of --x--x--x for the file
Nobody could read/write the file (except root, of course)

0 Kudos
Reply
Ravi S. Banda
Regular Advisor

тАО01-18-2007 08:40 AM

тАО01-18-2007 08:40 AM

Re: Setting Execute-Only Permission on a Unix Shell Script for Group & Others

But, then, I cannot execute the file because I don't have read permissions on the file. I just tried after reading the reply from you.

cat /etc/lp/interface/myshell.sh
cat: Cannot open /etc/lp/interface/myshell.sh: Permission denied

The above is what I need but:

./myshell.sh
./myshell.sh: Cannot find or open the file.

But, I want to be able to execute.

Thanks!
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО01-18-2007 08:40 AM

тАО01-18-2007 08:40 AM

Re: Setting Execute-Only Permission on a Unix Shell Script for Group & Others

Hi Ravi:

You can't. Shell scripts must be *readable* and executable to be executable (unless you are the root user). The shell interpreter (as specified on the "she-bang" line) must be able to read the file to interpret and execute it.

Regards!

...JRF...
0 Kudos
Reply
Jeff_Traigle
Honored Contributor

тАО01-18-2007 08:41 AM

тАО01-18-2007 08:41 AM

Re: Setting Execute-Only Permission on a Unix Shell Script for Group & Others

While you can set the permissions that way, it won't work. Shell scripts must be read to be executed. See the results:

jtraigle$ ls -l test.sh
-rwx--x--x 1 root sys 35 Jan 18 15:39 test.sh
jtraigle$ ./test.sh
/usr/bin/sh: ./test.sh: Cannot find or open the file.
--
Jeff Traigle
0 Kudos
Reply
Rick Garland
Honored Contributor

тАО01-18-2007 08:45 AM

тАО01-18-2007 08:45 AM

Re: Setting Execute-Only Permission on a Unix Shell Script for Group & Others

My mistake - I was working as root
0 Kudos
Reply
Ravi S. Banda
Regular Advisor

тАО01-18-2007 09:05 AM

тАО01-18-2007 09:05 AM

Re: Setting Execute-Only Permission on a Unix Shell Script for Group & Others

So, there's no solution?

ps: When I run the script, I login as a non-root user.

Thanks!
0 Kudos
Reply
Patrick Wallek
Honored Contributor

тАО01-18-2007 09:06 AM

тАО01-18-2007 09:06 AM

Re: Setting Execute-Only Permission on a Unix Shell Script for Group & Others

Correct. The script MUST be readable to be executed.
0 Kudos
Reply
Patrick Wallek
Honored Contributor

тАО01-18-2007 09:13 AM

тАО01-18-2007 09:13 AM

Re: Setting Execute-Only Permission on a Unix Shell Script for Group & Others

A good article on shell script security:
http://searchopensource.techtarget.com/tip/0,289483,sid39_gci1216976,00.html

There is a package called SHC that may be of some use to you. I have not used it, but rather just found it via google.

SHC 2.4a
http://hpux.connect.org.uk/hppd/hpux/Shells/shc-2.4a/
0 Kudos
Reply
Jeff_Traigle
Honored Contributor

тАО01-18-2007 09:27 AM

тАО01-18-2007 09:27 AM

Re: Setting Execute-Only Permission on a Unix Shell Script for Group & Others

Well, no direct solution with permissions.

You could configure sudo to take care of it by allowing certain users to execute the script as the scripts owner and set the script permissions to read and execute only for the owner.
--
Jeff Traigle
0 Kudos
Reply
TwoProc
Honored Contributor

тАО01-18-2007 10:33 AM

тАО01-18-2007 10:33 AM

Re: Setting Execute-Only Permission on a Unix Shell Script for Group & Others

The program "sudo" would be a nice facilitator for this requirement. Using the sudo tool, you could give execute access to a single .sh script file(or more if needed), but the permission could be set so that the intended user could never read it,only run it.

Of course, you'd have to go through the time & effort to set up "sudo" on the server - but it is useful for many things, and therefore it would pay you back for your effort(s) over time anyway.

We are the people our parents warned us about --Jimmy Buffett
0 Kudos
Reply
TwoProc
Honored Contributor

тАО01-18-2007 10:39 AM

тАО01-18-2007 10:39 AM

Re: Setting Execute-Only Permission on a Unix Shell Script for Group & Others

Ugh,

I just noticed Jeff's posting re: sudo. Excuse the posting.
We are the people our parents warned us about --Jimmy Buffett
0 Kudos
Reply
Ravi S. Banda
Regular Advisor

тАО01-18-2007 01:06 PM

тАО01-18-2007 01:06 PM

Re: Setting Execute-Only Permission on a Unix Shell Script for Group & Others

points submitted. Thanks, all.
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

тАО01-19-2007 10:23 PM

тАО01-19-2007 10:23 PM

Re: Setting Execute-Only Permission on a Unix Shell Script for Group & Others

This is not MPE/iX where the CI is in bed with the kernel and can get away with only execute permission.

As mentioned by others, you need read permission.
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

тАО01-20-2007 12:47 PM

тАО01-20-2007 12:47 PM

Re: Setting Execute-Only Permission on a Unix Shell Script for Group & Others

You have to realize that a shell script is not a true executable; the actual executable in the case is /usr/bin/sh and it (as would any other binary executable) executes without the read bit being set. But in order to execuate an interpreted script (e.g shell script, Perl script, etc.) the read bit must be set.
If it ain't broke, I can fix that.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.