LinuxQuestions.org
Old 09-08-2009, 04:39 AM   #1
onesikgypo
Member
 
Registered: Jun 2008
Posts: 56

Rep: Reputation: 15
Make a Bash script executable but not readable


Hi,

I was wondering whether there were any methods (creative or otherwise) where a bash script could be executed by anyone via /usr/bin - but they're not able to see the coding inside the scripts

i.e. I have a script

/usr/bin/abc123

which contains the code:

Code:
#!/bin/bash
echo success!

I need it so that particular users can execute abc123

Code:
-bash-3.2$ abc123
success!

but if they tried to do: nano /usr/bin/abc123 - they would be unable to execute the script.

One thing I thought of - but not sure of - is if for example I had

/home/JohnSmith/abc123

which was only executable by root (?)

then have a 777 symlink /usr/bin/abc123 pointing to /home/JohnSmith/abc123

not sure if something like that'd work

Any assistance would be greatly appreciated. Thanks.
 
Old 09-08-2009, 05:06 AM   #2
healyma
Member
 
Registered: Feb 2009
Location: Mayo, Ireland
Distribution: LFS 6.4; Debian 5.4; Mythbuntu & Kubuntu 10.04
Posts: 49

Rep: Reputation: 19
Not sure about this myself, but could you chmod 711 - i.e. owner read,write,execute - group execute - other execute?

If you symlink the file, would you not need to grant access to the original (i.e. the file in John Smith's home folder)?
 
Old 09-08-2009, 05:40 AM   #3
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Rep: Reputation: 1978
Unfortunately mode 711 does not work as intended, since if the shell cannot read the script, it cannot even execute. The way to go is probably some kind of encryption, but I wonder why someone should be concerned about hiding the content of a script to the users, when preventing intentional or accidental modifications should be enough. Anyway, here is a thread where the argument has been extensively discussed. There are some interesting solutions among the lines.
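
Added example, not part of colucix's post: a small check that predicts from the mode bits whether a user in the "other" class can run a file, showing why 711 fails for the thread's script but would be enough for a compiled binary. The function name `other_can_run` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: predict whether a user in the "other" class can run a file,
# from its mode bits and whether it is an interpreted script.

# other_can_run PATH -> prints "yes", or "no: <reason>" (hypothetical helper)
other_can_run() {
    mode=$(ls -ld -- "$1") || return 2
    other=$(printf '%s' "$mode" | cut -c8-10)   # e.g. "--x" or "r-x"
    magic=$(head -c 2 -- "$1" 2>/dev/null)      # "#!" marks a script

    case $other in
        ??[xt]) ;;                              # execute bit present
        *) echo "no: execute bit missing"; return 1 ;;
    esac
    if [ "$magic" = '#!' ]; then
        # The kernel starts the interpreter, which then opens the script
        # as the calling user, so the read bit is required as well.
        case $other in
            r??) ;;
            *) echo "no: interpreter cannot read script"; return 1 ;;
        esac
    fi
    echo yes
}

# Constructed sample files in a scratch directory.
demo_dir=$(mktemp -d)
printf '#!/bin/bash\necho success!\n' > "$demo_dir/abc123"   # script from the thread
printf '\177ELF' > "$demo_dir/abc123.bin"   # stand-in binary: only the magic bytes matter

chmod 711 "$demo_dir/abc123";     r711=$(other_can_run "$demo_dir/abc123") || true
chmod 755 "$demo_dir/abc123";     r755=$(other_can_run "$demo_dir/abc123") || true
chmod 711 "$demo_dir/abc123.bin"; rbin=$(other_can_run "$demo_dir/abc123.bin") || true
rm -rf "$demo_dir"

printf '711 script: %s\n755 script: %s\n711 binary: %s\n' "$r711" "$r755" "$rbin"
```

The check reads only mode bits, so it gives the same answer when run as root, which would otherwise bypass the permission test.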
 
Old 09-08-2009, 08:42 AM   #4
onesikgypo
Member
 
Registered: Jun 2008
Posts: 56

Original Poster
Rep: Reputation: 15
OK thanks, I'll take a look at the thread.

The purpose of the script is that it contains original coding, you can consider it something like a "trade secret" - so whilst we want people to be able to use this tool, we want to make sure that nobody can read the file's coding - if you understand what I mean.
 
Old 09-08-2009, 08:47 AM   #5
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,063

Rep: Reputation: 381
Short answer, it's not possible.

Quote:
Originally Posted by colucix
I wonder why someone should be concerned about hiding the content of a script to the users, when preventing intentional or accidental modifications should be enough.

Long answer: because s/he -probably- took the wrong approach, and there's something inside the script that should be hidden (as, for example, a password).

There are a number of workarounds, however I am not a big fan of "security by obfuscation/obscurity". It's the weakest form.
 
Old 09-08-2009, 08:48 AM   #6
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Rep: Reputation: 1978
Quote:
Originally Posted by onesikgypo
The purpose of the script is that it contains original coding, you can consider it something like a "trade secret" - so whilst we want people to be able to use this tool, we want to make sure that nobody can read the file's coding - if you understand what I mean.

So you let the users execute it for testing purposes? The thread linked above could really give you some useful hints. The shc solution would be my preferred one.
 
Old 09-08-2009, 09:26 AM   #7
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,063

Rep: Reputation: 381
No solution is bullet-proof, but shc is less than that.

As far as I know it just stores the script inside a C program, that then is compiled using your system compiler to form a proper redistributable binary file. The problem with that file is that the key to decode the original script is also stored inside the same file. That means that it's easily crackable by nature.

Random just-Googled link illustrating that: http://www.linuxjournal.com/article/8256

Of course it all comes down to the degree of knowledge that you are expecting from your users. A C program could also be reverse engineered, it just takes the time and knowledge to do so.
 
Old 09-08-2009, 09:58 AM   #8
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Rep: Reputation: 1978
Thanks for the clarification, i92guboj. Indeed, it is a matter of how users are malicious enough to try to steal the "trade secret". However, if a system administrator does not trust its own users...!
 
  


All times are GMT -5.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration