UNIX for Advanced & Expert Users

i've vi'ed some scripts in the past and when i did, my screen froze. i had to go to another terminal and kill the vi process before i was able to get back my screen.

how can i replicate this behavior on purpose? i want be able to do this also if the file or script was doubled clicked, say through the GUI of a File browser.

Hello SkySmart,

How about the usual way by NOT providing the permissions to those to whom you don't want go view the content. Not sure about your UI(either you are having authentication process in it or not).

Thanks,
R. Singh

If they have to be able to read it to execute it for their job, consider writing a calling script that will use sudo to elevate the permissions so they can still do their job when you have locked the real script away from prying eyes.

So, if you have my_script that is sensitive, change the permissions so that they cannot read it and rename it to my_script.protected

Then create a public script that just contains something like this:-

Code:

#!/bin/ksh

sudo $0.protected $@

Using $0 means that it should find the protected script down the same way it found your open script. Of course, if you rely on the userid within the script you might have to work around this by determining who is logged on to the terminal. The whoami command might help if that is the case.


I hope that this helps,
Robin

This extremely common question always has the same inescapable conclusion.

Moderator's Comments:

If your database/machine/client can decrypt it at will without secrets -- so can anyone else.

Yes, but --

Encryption does not work that way.

But what if --

Encryption does not work that way.

Maybe if it --

Encryption does not work that way.

To prevent people from reading your scripts/passwords, chmod.

To prevent people getting access to something which reads the scripts/passwords, sudo.

To prevent root from getting at it... You're out of luck.

This question fools everyone eventually... I spent a long while earlier this year down a rabbithole trying to find a way to make arbitrary apache suexec secure, until I realized I was fighting what amounts to the same problem -- how to prove identity to the computer without using secrets.

You could compile it: shcomp -
man pages section 1: User Commands

Francisco Rosales, home page

If you don't want anyone viewing your content, an option would be to encrypt the file with a secure passphrase.

On Solaris, use encrypt/decrypt
On Linux, use gpg2

But then they could only run the program if they knew the passphrase - either that, or include the password in the program, which leaves you with the same problem!