LinuxQuestions.org

shazgaurav 06-27-2016 11:24 PM

Prevent shell script from being run directly using sh command
 
There is a shell script used to stop/start appserver, appserver.sh. I need to run this script using the service file only (service appserver start/stop/status) and prevent direct execution of the shell script (./appserver start/stop/status). Is there any utility in Linux which can help me out?

Thanks in advance...!!!

chrism01 06-28-2016 12:56 AM

If the script file is
Code:

appserver.sh
then
Code:

./appserver
will fail because it's the wrong name.

If you ensure that there are no 'x' perms set, then even ./appserver.sh will fail, BUT if it's valid bash code, then 'bash ./appserver.sh' will run and you can't stop it even if there are no 'x' perms.

It would help if you explained why you want to do this.
You can certainly make it root owner/grp accessible only, in which case only root can run it (which is what happens with the service cmd..)

HTH

shazgaurav 06-28-2016 01:17 AM

Here is some more context. Sorry, my question had a few voids.

The script should not be executable as ./appserver.sh or "sh appserver.sh" directly by the user (tomcat) who is the owner of the script, but it should be executable by the service file (service appserver start/stop/status) as the owner of that script (tomcat). I am fairly comfortable with how I can execute the script using (service appserver start/stop/status), where I can give User=tomcat in the RHEL7 service file. What I am looking for is to disable execution of appserver.sh directly using ./appserver.sh or "sh appserver.sh".

ondoho 06-28-2016 02:46 AM

make it be owned by tomcat, and remove all other permissions?

like: chmod 600 ./appserver.sh; chown tomcat:tomcat ./appserver.sh

Jjanel 06-28-2016 02:56 AM

Maybe you could put code IN the script (IF modifying it is a possibility)
to check that the env/parent/arg $0/...(I'm not sure how)
is the service manager [systemd?] and not just a parent shell.

Conceptually, I'm thinking that: IF a userid could see/COPY! a file,
that userid can "perform" whatever the script does!
I think a file/directory can be unreadable by owner (if that might help).

I'm guessing what you want is the script to *immediately exit*
IF the [?]parent="runER"[?] is NOT the [?]system[?] ...

(excuse my blindly trying to help clarify, even tho I don't know specifics)
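
The in-script check suggested in the last post, as an added example that is not from any poster in this thread: on a systemd host such as the RHEL7 one mentioned, a process started by a unit runs in that unit's cgroup, which is visible in /proc/self/cgroup. The unit name appserver.service, the function names and the sample cgroup lines are assumptions; the guard is advisory only, because, as the thread points out, a user who can read the script can copy it and run the copy without the check.

```shell
#!/bin/sh
# Added example: refuse to run unless started inside the expected systemd unit.
UNIT="appserver.service"   # assumed unit name behind "service appserver ..."

# in_unit_cgroup UNIT [FILE]: succeed if any cgroup path in FILE ends in /UNIT.
# Covers cgroup v1 lines ("1:name=systemd:/system.slice/x.service") and the
# v2 line ("0::/system.slice/x.service").
in_unit_cgroup() {
    unit=$1
    file=${2:-/proc/self/cgroup}
    [ -r "$file" ] || return 1
    while IFS=: read -r _id _ctrl path; do
        case "$path" in
            */"$unit") return 0 ;;
        esac
    done < "$file"
    return 1
}

# require_service [FILE]: print a hint and fail when not started by the unit.
require_service() {
    if ! in_unit_cgroup "$UNIT" "${1:-/proc/self/cgroup}"; then
        echo "appserver.sh: use 'service appserver start|stop|status'" >&2
        return 1
    fi
}

# In appserver.sh the guard would be one line near the top:
#   require_service || exit 1

# Demo on constructed cgroup files (not captured from a real host).
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '4:cpu,cpuacct:/' \
        '1:name=systemd:/system.slice/appserver.service' > "$tmp"
    require_service "$tmp" && echo "service cgroup: allowed"
    printf '%s\n' \
        '1:name=systemd:/user.slice/user-1000.slice/session-3.scope' > "$tmp"
    require_service "$tmp" 2>/dev/null || echo "login session: refused"
    rm -f "$tmp"
}
demo
```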


All times are GMT -5.