12-14-2012
You can, sure... But if the program has to decrypt that file to use it, you've just handed out instructions on how to read that encrypted file to the world.
If I was genuinely worried about keeping a file secret, I'd set up a separate user account to hold secret things and configure sudo so they could sudo commandname to run it. No access otherwise.
And if you're trying to keep things secret from users with administrator access? You're just plain out of luck.
9 More Discussions You Might Find Interesting
1. AIX
Trying to setup user to have the ability to delete any files (regardless of owner) in /tmp.
I've tried almost everything... the permission on the folder is drwxrwxrwt 10 bin bin, and at one point I give all the possible permission (short of root) I can give to the user, and he still can't delete... (2 Replies)
Discussion started by: cchiang12
2 Replies
2. Shell Programming and Scripting
Hi All
How can I set password in linux.It is OK if it display password in plain text in script.
manually i can set:
#passwd
Changing password for root
Enter new password:
Bad password: too weak.
Re-enter new password:
Password changed.
#
I want this to be done by script.Please let me... (2 Replies)
Discussion started by: tannu
2 Replies
3. Shell Programming and Scripting
Hi All,
please help me on how to secure my shell script?
I chnanged it to read-only mode using 'chmod'.
but still i would like to set password for open the script.
Is there any way? Please help me!!
Thankyou all in advance!!
:b: (6 Replies)
Discussion started by: little_wonder
6 Replies
4. UNIX for Dummies Questions & Answers
Hi there,
I want to change from this permission -r-xr-xr-x to -r-xr-xr-- for a set of files under unix.
Can someone help me to go-about doing this in one shot.
Cheers,
RN (2 Replies)
Discussion started by: karthickrn
2 Replies
5. Shell Programming and Scripting
okay here I go again...
I have created a script which adds new user to /etc/password and which inturn creating a locked password in /etc/shadow but I am expecting to have *NP* for that particular user.Can someone help me with a script which can set the password for a particular user to NP in... (1 Reply)
Discussion started by: sintilash
1 Replies
6. Shell Programming and Scripting
Hi All,
I have a gateway server, from where I can connect any server via 'sudo ssh server_name'. Generally, if we need to run a command on any number of servers, we put server names in a file like '/tmp/ser_name' and execute it with for loop from gateway server.
Now, I need to set non-expiry... (0 Replies)
Discussion started by: solaris_1977
0 Replies
7. Shell Programming and Scripting
Hi,
I am unable to set the password remotely. I am using the script as below:
ep=`echo "$p" | /usr/lbin/makekey`
ssh -t $i "/usr/local/bin/sudo useradd -c "$user_c" -m -d /home/$user_id -s /bin/ksh $user_id; /usr/local/bin/sudo /usr/sam/lbin/usermod.sam -F -p $ep $user_id"
The... (0 Replies)
Discussion started by: Kits
0 Replies
8. HP-UX
Hi All
I had installed sudo in HP UX 11.3 and it is working fine but not able to make entry required to set permission similar to ROOT without using password (PASSWD) change option for define user in /etc/sudoers file
Please help if some know the syntex? :confused::wall: (2 Replies)
Discussion started by: deviltech
2 Replies
9. Shell Programming and Scripting
Hi,
I am looking for a shell script which serves the below purpose.
Please find below the algorithm for the same and any help on this would be highly appreciated.
1)set of strings need to be replaced among set of files(directory may contain different types of files)
2)It should search for... (10 Replies)
Discussion started by: Amulya
10 Replies
ssss(1) General Commands Manual ssss(1)
NAME
ssss - Split and Combine Secrets using Shamir's Secret Sharing Scheme.
SYNOPSIS
ssss-split -t threshold -n shares [-w token] [-s level] [-x] [-q] [-Q] [-D] [-v]
ssss-combine -t threshold [-x] [-q] [-Q] [-D] [-v]
DESCRIPTION
ssss is an implementation of Shamir's Secret Sharing Scheme. The program suite does both: the generation of shares for a known secret, and
the reconstruction of a secret using user-provided shares.
COMMANDS
ssss-split: prompt the user for a secret and generate a set of corresponding shares.
ssss-combine: read in a set of shares and reconstruct the secret.
OPTIONS
-t threshold
Specify the number of shares necessary to reconstruct the secret.
-n shares
Specify the number of shares to be generated.
-w token
Text token to name shares in order to avoid confusion in case one utilizes secret sharing to protect several independent secrets.
The generated shares are prefixed by these tokens.
-s level
Enforce the scheme's security level (in bits). This option implies an upper bound for the length of the shared secret (shorter
secrets are padded). Only multiples of 8 in the range from 8 to 1024 are allowed. If this option is ommitted (or the value given is
0) the security level is chosen automatically depending on the secret's length. The security level directly determines the length of
the shares.
-x Hex mode: use hexadecimal digits in place of ASCII characters for I/O. This is useful if one wants to protect binary data, like
block cipher keys.
-q Quiet mode: disable all unnecessary output. Useful in scripts.
-Q Extra quiet mode: like -q, but also suppress warnings.
-D Disable the diffusion layer added in version 0.2. This option is needed when shares are combined that where generated with ssss ver-
sion 0.1.
-v Print version information.
EXAMPLE
In case you want to protect your login password with a set of ten shares in such a way that any three of them can reconstruct the password,
you simply run the command
ssss-split -t 3 -n 10 -w passwd
To reconstruct the password pass three of the generated shares (in any order) to
ssss-combine -t 3
NOTES
To protect a secret larger than 1024 bits a hybrid technique has to be applied: encrypt the secret with a block cipher and apply secret
sharing to just the key. Among others openssl and gpg can do the encryption part:
openssl bf -e < file.plain > file.encrypted
gpg -c < file.plain > file.encrypted
SECURITY
ssss tries to lock its virtual address space into RAM for privacy reasons. But this may fail for two reasons: either the current uid
doesn't permit page locking, or the RLIMIT_MEMLOCK is set too low. After printing a warning message ssss will run even without obtaining
the desired mlock.
AUTHOR
This software (v0.5) was written in 2006 by B. Poettering (ssss AT point-at-infinity.org). Find the newest version of ssss on the project's
homepage: http://point-at-infinity.org/ssss/.
FURTHER READING
http://en.wikipedia.org/wiki/Secret_sharing
Manuals User ssss(1)