Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I've created a automate script using EXPECT and placed the
script file in path "/usr/bin/SCRIPT" now i have given a
permission of read and execute to all users in a particular
group say "group - winner" now the user "winner" has a permission
of `rwx` and a user "john" of group "winner" has `rx" permission.
If the user john is logging in and providing a command "SCRIPT"
at the command prompt then the script start works but the user
can also view the file by providing command "cat /usr/bin/SCRIPT".
As the SCRIPT contains confidential information such as passwords etc,
the user "should not be able to view the contents of the SCRIPT" but they
should execute the script.
I'm pretty sure that for shell scripts, the user needs read and execute permissions to run it (because the shell has to read the script to interpret it). This is not true of binaries (execute permission alone is sufficient). There are a couple of ways around this--perhaps the simplest is make the script readable only by a certain group with no members, and then write a tiny C program that is setgid to that group and just calls the script.
Well i am also not a very HIGH one in linux field but i am using LINUX it
so 4 any mistake | plz forgive me
As far as ur query is concerned, as u had given 'rx' permissions to group to which john belongs , so it will naturally can read the script contents of the script .
But for ur problem , u can give Xecute rights to all but read & write or Read only or write only whatever to only specific users of ur choice. !
Well i am also not a very HIGH one in linux field but i am using LINUX it
so 4 any mistake | plz forgive me
As far as ur query is concerned, as u had given 'rx' permissions to group to which john belongs , so it will naturally can read the script contents of the script .
But for ur problem , u can give Xecute rights to all but read & write or Read only or write only whatever to only specific users of ur choice. !
Also for Xecuting NO read rights if used !
as mentioned in the last post
for executing shell scripts u need read permissions as well apart from xecute permisisons
since it is interpreted
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.