permission problem
Hi All
Consider a compiled C program - a.out that has only execute permission: $ ls -l a.out ---x------ 1 Sachin Sachin 4704 Jun 18 19:02 a.out This program can be run using ./a.out Consider a shell script - test.sh that has only execute permission: $ ls -l test.sh ---x------ 1 Sachin Sachin 19 Jun 18 19:05 test.sh If I try to run this shell script, I get: $ ./test.sh bash: ./test.sh: Permission denied At the system level, what is the reason for the difference between the two cases? (Note: Assuming that there are sufficient permissions for the parent directory.) Thanks in Advance Sachin |
Off the top of my head, your bash shell is trying to "read" the script, so as to interpret the commands prior to running them. Whereas with a binary, it simply executes the compiled code.
|
Quote:
Also, this seems very much like a verbatim homework question.......... |
Sachin:
meditate on what you are posting...... "Consider...." "Consider...." "At the system level... what is the reason...?" "Note: assuming...." You are not solving an actual newbie problem. Read your textbook. Go to the library. Lazy students have the bad habit of having others solve their homeworks. If you are serious, go post your issue to linux/software forum, not here. Be reminded that we are NOT tutors for classroom homeworks. |
@malekmustaq - I get the feeling you might be right on the verbatim homework question. I've never taken any "UNIX 101" courses before, but I certainly have contributed to them. Coupled with the lack of a response from sachin.s.puri, I'm tempted to agree with you.
However, even though sachin.s.puri only has two posts, his/her other post doesn't strike me as a homework question, so I'm giving him/her the benefit of the doubt. (Which I'm hoping will be rewarded by a response shortly, perhaps followed by a "Thanks!" if one of us got this right) |
xeleema, you are correct; executable binaries (regardless of src lang) can be run with only 'x'. Ditto, 'scripts' in any lang eg bash, ksh, perl, awk etc must have 'rx', because the kernel has to actually read them (specifically the first line '#!/path/to/actual_binary' so as to hand off the processing to the named binary.
Alternately, you can create a 'script' file with only 'r' and get the correct 'binary' to read/process it eg bash file.sh perl another.pl etc Another wrinkle is that on linux (possibly other *nix) the kernel will NOT read/run a shell script that is setuid ie owner 'x' perm is set 's'. This is for security reasons. |
If my post does reflects like home work question, I am sorry but actually I was learning about unix permissions and found this behavior when I was experimenting with it. The book did not give a clear explanation .
By the way thanks xeleema for the reply I want to know following from you after reading your reply 1. How is the binary executed, when it does not have a read permission. Doesn't it need to to be "read" into memory first before executing it? 2. I can execute a shell script that does not have a shebang line. How does the kernel know which interpreter to use, when I have not specified the name of the interpreter. 3. When I run a shell script using ./test.sh, it actually the interpreter that is executing. So why does the script too need execute permission? Thanks Sachin |
Executable Files
Regarding your questions; 1. How is a binary executed without having "read" permissions. Technically, no. The "read" permissions bit is typically reserved for "userland", not "kernel space". Basically, a shell (like bash) can execute the machine code within a file as long as you have sufficient permission. That being "execute". There's no interpretation of the binary necessary, so you don't have to "read" it first (in the permissions sense), it's "read" by the kernel.2. I can execute a shell script that does not have a shebang line. How does the kernel know which interpreter to use, when I have not specified the name of the interpreter. If a she-bang line isn't the first line of a script, it's executed by the currently running shell. So if you're running ksh, it runs in ksh.3. When I run a shell script using ./test.sh, it actually the interpreter that is executing. So why does the script too need execute permission? Your currently running shell will "read" and then "execute" the script in question (unless a she-bang tells it to fire up another interpreter). This "read" and "execute" is done at the permissions level to make sure you're not trying to run a "killall" against a root process, etc. |
Thanks xeleema
You answers most of My doubts. Its exactly how I had guessed it to be. There are still some grey areas if we want to poke further: 1. When a shell script without a shebang line is executes using ./test.sh, does it run in the current shell, or is a new instance of the current shell created and the script is run in that? (I think a new instance should be created. If it was not so, then running a shell script with a single line "cd /var/tmp/" would change the directory of the current shell, which is not true. This can also be seen when you run a shell script with a single line "ps". If you run this shell script in bash using ./test.sh, you will see 2 instances of bash. But strangely, when this same shell script is run in ksh, I can see only 1 instance of ksh. I don't know why this anomaly exists.) 2. I still didn't understand this: > *3.* When I run a shell script using ./test.sh, it actually the interpreter that is executing. So why does the script too need execute permission?Your currently running shell will "read" and then "execute" the script in question (unless a she-bang tells it to fire up another interpreter). This "read" and "execute" is done at the permissions level to make sure you're not trying to run a "killall" against a root process, etc. Considering that a new instance of an interpreter is fired up every time "./test.sh" is run, can't the execute permission of the interpreter be checked instead of the execute permission of the script, since ultimately its the interpreter, and not the script that is running. Whether or not you are trying to perform a superuser operation would be checked in either case. Thanks Sachin |
The a.out binary is an application, while the script is a text file. You do not run a text file directly, but by using some other application to read the textfile and parse the commands.
$ ./a.out will run a binary from the current location $ sh my.txt will use the sh tool to read and process the script my.txt which is a text file $ . my.txt will use the current shell to 'source' the file my.txt and see what happens (the dot by itself is also a shell command for reading a file, aka sourcing) If my.txt contains valid shell scripting syntax, then it will be executed. If it contains your latest poem, then you'll get an error message, but you shouldn't take that as a critic on your art ;-) Linux |
All times are GMT -5. The time now is 03:42 PM. |