Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I've created an automated script using EXPECT and placed the
script file in the path "/usr/bin/SCRIPT". I have given
read and execute permission to all users in a particular
group, say group "winner". The user "winner" has `rwx`
permission and the user "john" of group "winner" has `rx` permission.
If the user john logs in and types the command "SCRIPT"
at the command prompt, the script starts working, but the user
can also view the file with the command "cat /usr/bin/SCRIPT".
As the SCRIPT contains confidential information such as passwords etc.,
the user "should not be able to view the contents of the SCRIPT";
the user should only be able to execute the file.
So if I get this straight, you want the user to have execute permissions, but not read or write? If so, do a
"chmod 711"; that will give the owner read, write and execute, and group and others execute only. Hope that helps.
I think your problem can be solved by putting the passwords into a different file and having the script run as a different user.
Example: The script can be executed by group A, but runs with the permissions of user B. The password-file is only readable by user B.
Generally though I think that you should rather encrypt your passwords than hide them in such a way.
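
The layout suggested in the reply above (password in a separate file, script run as a different user), as an added example that is not part of the original thread: a shell audit that checks the two permission properties the layout depends on. The account name `svcuser`, the path `/etc/SCRIPT.secret` and the sudoers line are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed (hypothetical) deployment:
#   /usr/bin/SCRIPT     owner svcuser, mode 0755, contains no secrets
#   /etc/SCRIPT.secret  owner svcuser, mode 0400, holds the password
#   sudoers entry:      %winner ALL=(svcuser) NOPASSWD: /usr/bin/SCRIPT
# Members of group "winner" then run:  sudo -u svcuser /usr/bin/SCRIPT

# Print the nine permission characters of a path, e.g. rw-r-----.
perm_string() {
    ls -ldn -- "$1" | cut -c2-10
}

# The secret file must grant nothing to group or others.
secret_is_private() {
    [ -f "$1" ] || return 2
    [ "$(perm_string "$1" | cut -c4-9)" = "------" ]
}

# The script runs with svcuser's rights, so only its owner may modify it.
script_is_tamper_proof() {
    [ -f "$1" ] || return 2
    case $(perm_string "$1") in
        ????w????|???????w?) return 1 ;;   # group- or other-writable
    esac
    return 0
}

# audit_layout SCRIPT SECRET: report problems, return 0 only if both pass.
audit_layout() {
    status=0
    if ! secret_is_private "$2"; then
        echo "FAIL: $2 is missing or accessible to group/others"
        status=1
    fi
    if ! script_is_tamper_proof "$1"; then
        echo "FAIL: $1 is missing or writable by group/others"
        status=1
    fi
    if [ "$status" -eq 0 ]; then echo "OK: $1 and $2"; fi
    return "$status"
}

# Run the audit when called with two paths: sh audit.sh SCRIPT SECRET
if [ "$#" -eq 2 ]; then audit_layout "$1" "$2"; fi
```

With this layout the script itself can stay readable to the group, because the password lives only in the file that `svcuser` alone can read.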
Thanks for your option, but anyway, if the user can access the script they can see the script
and also the PASSWD FILE, so they can easily view the passwd file with the cat command.
Anyway, I thank you a lot for the precious reply. Now I've edited the user's ".bashrc" file
using "alias", so all the options for viewing files are blocked.
This is Bharani again. Using the .bashrc file I've blocked all the editors and viewers.
Now my problem is: I've added a script at the path "/usr/bin/LOGINSCRIPT" and also
added an entry in the file ".bashrc" so that the script starts automatically when
the user logs in to the system, but if the user presses "Ctrl + C" the script stops
and the user prompt appears. My query is: if the user has pressed "Ctrl + C", the
terminal the user is connected on should be closed or logged out.
I still think that your method is not very safe though... have you blocked grep and awk for example? Both can be used to display the contents of a file too... And what about gcc or g++? There are so many commands that can show you what is in a file, I hardly think you can block them all. If you insist, you would perhaps rather have a whitelist than a blacklist, but you'd really have to have very few entries.