Restrict access to .ksh scripts


 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting Restrict access to .ksh scripts
# 1  
Old 01-22-2012
Restrict access to .ksh scripts

Hi,
How to restrict access to a .ksh script in such the way that the users can only execute the script, neither read nor write.

I tried the below code so that my user alone has the rwx and other users can only execute.

Code:
chmod 711 sample.ksh

But when I logged in as a different user and tried to execute the script, I get an error "Permission Denied".

How should I give the rights to the script to achive what I want?
# 2  
Old 01-22-2012
What you want is not possible using permissions. To execute a script users need both r and x rights.. To take away only w rights, use chmod 755.
# 3  
Old 01-22-2012
I don't think without read permission, execution is possible. Have you looked into sudoers?

--ahamed
# 4  
Old 01-22-2012
Yes, without read it is not possible. Is there any workaround for this?
# 5  
Old 01-22-2012
Like ahamed101 suggests you can use sudo definitions, so that users are denied access, but are given permission to execute the script as a different functional user if they belong to a certain group ...
# 6  
Old 01-22-2012
Actually, it is possible to have a non readable script to be executable. This is done by setting the setuid bit on the script file. The script should not be owned by root for obvious security reasons.
Code:
$ cat script.ksh
#!/bin/ksh
echo this is $0
id
$ chmod 04711 script.ksh

Then, logged in as a different user:
Code:
$ id
uid=102(guest) gid=1(other)
$ cat script.ksh
cat: script.ksh: cannot open [Permission denied]
$ ls -l script.ksh
-rws--x--x   1 jlliagre jlliagre      30 Jan 22 14:46 script.ksh
$ ./script.ksh
this is script.ksh
uid=102(guest) gid=1(other) euid=12345 (jlliagre)

As you can see, the script will run under its owner account as effective user id, not the user who launches it . This might be a problem.
This User Gave Thanks to jlliagre For This Post:
# 7  
Old 01-22-2012
Another option (maybe not acceptable )is to render the the shell script unreadable by making it an executable image (with encrypted strings). Since you apparently have passwords or other very sensitive information in the shell scripts this is possibly a better idea.

Francisco Rosales, home page generic version, you have to edit the makefile for your OS
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Restrict access

I'm trying to use squid to restrict elinks' access to certain websites(only http traffic). I have tried some configs in squid.conf but no luck. Hope someone has a bit of time to explain me how can you make these config's :) ---------- Post updated at 05:40 PM ---------- Previous update was at... (1 Reply)
Discussion started by: Birnbacher
1 Replies

2. Ubuntu

Restrict SUDO Access

Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux Hi Folks, Please help me. I am bit struck here. Here is the OS info. Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux I have a... (17 Replies)
Discussion started by: explorer007
17 Replies

3. Red Hat

Restrict user access

Hi there I have an application user on my system that wants accesses to these file systems as such: rwx: /SAPO /SAPS12 /R3_888 /R3_888B /R3_888F /R3_888R r: /usr/sap these are the existing FS permissions:ownerships: # ls -ld /SAPO (9 Replies)
Discussion started by: hedkandi
9 Replies

4. UNIX for Dummies Questions & Answers

Restrict user access.

Hi All, How can we restrict a particular user access to a particular shell in solaris 10. Thanks in Advance. (5 Replies)
Discussion started by: rama krishna
5 Replies

5. Solaris

Restrict access to solaris10 [SOLVED]

Hello, I have a solaris10 sparc running on a server and it is a Sun DS (LDAP) server as well as LDAP client. I have changed ssh server port to something other than 22 but is there any way to configure that only users abc, def, ghi from LDAP can login via ssh? SSH software on solaris10 is... (0 Replies)
Discussion started by: upengan78
0 Replies

6. UNIX for Advanced & Expert Users

Restrict Access to the folder

Hi I have requirement to create 3 new users on my server but to restrict their access to a set of particular folders. /export/home/kapil/shared, /export/home/kapil/shared/Folder1 /export/home/kapil/shared/Folder2 These folders should be accessible to all the 3 users and to me too.... (1 Reply)
Discussion started by: kapilk
1 Replies

7. UNIX for Advanced & Expert Users

Restrict access to specific users.

Hi All! I would like to know if there is any specific way by which I can restrict access to apecific users (ip addresses). OS : Red hat linux Thanks! nua7 (6 Replies)
Discussion started by: nua7
6 Replies

8. Red Hat

restrict access of a user to two directories only

Hi all, I am using RHEL 5.0 I need a user say test to have full access to two directories, say /tmp1 & /tmp2 only other than his home directory. I do not want to change his login shell which is ksh or bash by default. Moreover, he should not even have read access of other directories. ... (10 Replies)
Discussion started by: vikas027
10 Replies

9. UNIX for Advanced & Expert Users

Apache restrict access with certificates

Hello! Does anyone know if it's possible to restrict access to apache webserver with certificates? What I want is that if a user has a certificate in his browser then he get's access, if not show error or another page. I would be very happy if someone knew! /D (2 Replies)
Discussion started by: Esaia
2 Replies

10. UNIX for Dummies Questions & Answers

restrict tcp-port access

Hi Is there any way to restrict the TCP-IP port usage. I want to restrict TCP-IP port 1500/1550 to the oracle osuser. Tanks in advance. Remi (2 Replies)
Discussion started by: remivisser
2 Replies
Login or Register to Ask a Question