11-24-2011
Setting permissions for shell scripts
Hi,
I have written a shell script which calls a java program which reads properties from a configuration file and writes to a log file for each session.However the customer wants that the user should not be able to open/edit the configuration file or the log files meaning they should not have any rights on the files.
I tried setting the user id of the shell script giving the user permission to run the script as root so that the owner of the script,configuration file and log file directory is root,and the user will not normally be able to access the said files.However it seems that setuid is not working as it still shows that permission is denied to access the files.However when I set uid on the java executable I was able to run the script without any problems.However that opens another security issue as the java executable can be used by anyone to run any java code compromising the security further.I am working on a Sun Solaris box(namely OSS-RC).
I am in a fix.It would be great if you were able to help me out in this.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi,
I am setting up an area on a unix server where multiple people will be editing web pages. Can anyone tell me how to set it up the directory and subdirectories so that when a user creates a new file, it defaults to permissions of 664 or 775?
I've tried using umask but from what I can... (1 Reply)
Discussion started by: robbieg
1 Replies
2. AIX
Hi,
Please give me the detailed Differences between writing Unix Shell script and AIX Shell Scripts. Thanks in advance..... (0 Replies)
Discussion started by: haroonec
0 Replies
3. UNIX for Dummies Questions & Answers
Hi,
I'm in the process of writing a system (in Java) where a user can register to become a member of a website.
When they register, a collection of directories and files get created by the application.
For example if a user with the name 'fred' registered they would get the following
drwxr-xr-x... (0 Replies)
Discussion started by: andrewpmoore
0 Replies
4. UNIX for Dummies Questions & Answers
I've been told I need to set the permissions for everything in the htdocs folder to 777, but how do I go about doing this?
Thanks:o (9 Replies)
Discussion started by: thehaapyappy
9 Replies
5. UNIX for Dummies Questions & Answers
Hi all,
I have user called "Z". The home directory is /home/Z. I have another directory /home/Z/OP. Within /home/Z/OP, i have 2 directories
/home/Z/OP/OP1 and /home/Z/OP2.
I want to restrict access for Z to only access
/home/Z/OP and
/home/Z/OP1 and
/home/Z/OP2.
What kind of... (4 Replies)
Discussion started by: new2ss
4 Replies
6. UNIX for Dummies Questions & Answers
I'm trying to setup a directory structure for my staff which enables them full access to files in the directories with their name, and have access to anything in the shared directory. The directory structure looks like this:
root@www10 # ls -l
total 56
drwxr-xr-x 7 internal internal 4096... (3 Replies)
Discussion started by: v_greg
3 Replies
7. UNIX for Advanced & Expert Users
What would be a practical way of making sure files I upload to/edit in a particular directory on a server always have the correct group permissions?
I'm forgetful, so I try to automate things like chgrp'ing the files when I'm done. I could write a script to be run by cron. Is that the only way,... (2 Replies)
Discussion started by: mregine
2 Replies
8. Shell Programming and Scripting
I've got a number of people sending files to me in different directory structures, and users on many different groups who need access to these incoming paths.
My problem is that umask assumes a default of 666 for files. No execute bit, meaning that my users can't even see the incoming folders.... (2 Replies)
Discussion started by: Karunamon
2 Replies
9. Shell Programming and Scripting
Hello All,
I am in the process of finding the permissions on all the files that exists in two directories:
Dir1: PROD_Scripts/*
Dir2: STAGE_Scripts/*
Both the Directories have some shell and perl scripts respectively.
Step1: Finding all the Scripts that exists in PROD but Not in STAGE.... (2 Replies)
Discussion started by: filter
2 Replies
10. UNIX for Dummies Questions & Answers
I'm working in a linux server where wrappers are executed by multiple users of different groups. The log and output files are created with 554 permissions by default. This is stopping other users to run the wrappers unless the log and output files are deleted or given 777 permission. Setting SUID... (1 Reply)
Discussion started by: praveenpa
1 Replies
LEARN ABOUT DEBIAN
java-wrappers
JAVA-WRAPPERS(7) Java wrappers JAVA-WRAPPERS(7)
NAME
java-wrappers - capacities shared by java wrapper scripts
DESCRIPTION
Most Java programs are not run directly, but through small shell scripts that take care of various things, such as finding a suitable java
environment and looking for libraries.
To ease the task of the maintainers, they rely on a library providing runtime detection, library detection and other features. This manual
page describes the common features of all those scripts, and to which point you can configure them. This is mainly done via environment
variables.
ENVIRONMENT VARIABLES
java-wrappers understands some environment variables:
JAVA_CMD
The java command that will be run. If this variable is set, it disables all lookup for a java runtime.
JAVA_BINDIR
Specifies a directory that will be looked for a java or a jdb executable (depending on the setting of JAVA_DEBUGGER). It has prece-
dence over JAVA_HOME but not over JAVA_CMD.
JAVA_HOME
A path to a java runtime. If this variable is set, all lookup for a java runtime is disabled, except that if no java executable is
found in the path, the command java is used.
JAVA_FLAVOR
A probably more easy-to-use version of the JAVA_HOME variable: instead of specifying the full path of the java runtime, you name it.
List of available flavors can be found in the file /usr/lib/java-wrappers/jvm-list.sh. See examples below.
JAVA_DEBUGGER
If this is set, the wrapper will try to pick up a java debugger rather than a java interpreter. This will fail if the jbd of the
runtime found is a stub.
JAVA_CLASSPATH
Additional classpath, will have priority over the one found by the wrapper.
JAVA_ARGS
Additional arguments to the java command. They will come before all other arguments.
FORCE_CLASSPATH
If this variable is set, it will be the only classpath. You'd better know what you are doing.
DEBUG_WRAPPER
This is probably the most important variable; if it set, the wrapper will print out useful information as it goes by its business,
such as which runtime it did find, and which command is run eventually.
JAVA_JARPATH
The path where the wrappers will go looking for jar archives. If not set, the wrapper will look into the default directory,
/usr/share/java. Warning : the wrapper will not look anywhere else than in JAVA_JARPATH. Setting it incorrectly will most probably
result in early crashes.
EXAMPLES
The examples all rely on rasterizer(1), from the package libbatik-java, but they really apply to all scripts that use java-wrappers.
Print out debugging information:
DEBUG_WRAPPER=1 rasterizer
Limit rasterizer's memory to 80 MB:
JAVA_ARGS=-Xmx80m rasterizer
Force rasterizer to run with kaffe(1):
JAVA_HOME=/usr/lib/kaffe rasterizer
The same, but using JAVA_BINDIR:
JAVA_BINDIR=/usr/lib/kaffe/bin rasterizer
Force rasterizer to run with openjdk:
JAVA_FLAVOR=openjdk rasterizer
Debug rasterizer with Sun's debugger, while printing debugging information from the wrapper:
DEBUG_WRAPPER=1 JAVA_CMD=/usr/lib/jvm/java-6-sun/bin/jdb rasterizer
BUGS
Care has been taken to make the wrappers bug-free. If that was not the case, please file a bug report against the java-wrappers package.
If you wish to submit any problem with a java executable relying on java-wrappers, please also submit the output of the command run with
DEBUG_WRAPPER=1. It will save one mail exchange and therefore potentially reduce the time it takes to fix the bug.
DEVELOPERS
There is currently no documentation about writing a wrapper script save the comments in /usr/lib/java-wrappers/java-wrappers.sh. If you
have to write one, we suggest you base yourself upon, for instance, the rasterizer wrapper script, or any other one (just pick up any
direct reverse dependency of java-wrappers and look for scripts).
SEE ALSO
java(1), jdb(1)
/usr/lib/java-wrappers/java-wrappers.sh
AUTHOR
java-wrappers and its documentation were written by Vincent Fourmond <fourmond@debian.org>
Version 0.1.16 2010-05-04 JAVA-WRAPPERS(7)