For ssh access, use public keys instead of username/password. For mounting an smb share, use the "cred=" option in "sudo mount ..." commands where the file is only readable by effective user running mount.
If it is a password that the user of the script has access to, have the enter it in manually instead of putting it in a world readable script. E.G. don't use "mysql -u $USERNAME $DATABASE -p$PASSWORD" but instead use "mysql -u $USERNAME $DATABASE -p".
Or if you want to hide other users from seeing this users password, have the password read from the users HOME directory where other users can't read it.
Use polkit to allow a local session regular user to perform the action. (If there is a polkit authorization to do it)
Configure sudo to allow the user to perform that command, while requiring the users password, so the target password can remain a secret.
Last edited by jschiwal; 02-09-2010 at 05:10 AM.