Re: Script-Permission

From: Green, Simon (Simon.Green@EU.ALTRIA.COM)
Date: Thu Feb 26 2004 - 07:52:02 EST


Because of the nature of scripts it is not possible to execute them without
first reading them.

The only way I know to deal with this would be to run a setuid program -
whether root, or maybe user1 - that then invoked the script. Setuid to
user1 might not be an unacceptable risk. Sudo and the like do this for you
in a nicely controlled and audited manner.

Another option might be to split the script, and put the passwords in
another file with tighter access controls. That wouldn't work if user2
actually needs the functionality that uses the passwords.

--
Simon Green
Altria ITSC Europe Ltd
AIX-L Archive at https://new-lists.princeton.edu/listserv/aix-l.html
New to AIX? http://publib-b.boulder.ibm.com/redbooks.nsf/portals/UNIX
N.B. Unsolicited email from vendors will not be appreciated.
Please post all follow-ups to the list.
> -----Original Message-----
> From: Kumar, Praveen (cahoot) [mailto:Praveen.Kumar@CAHOOT.COM]
> Sent: 26 February 2004 12:16
> To: aix-l@Princeton.EDU
> Subject: Re: Script-Permission
>
>
> Hi,
>        Sorry to tell this late...actually the requirement is not to run a
> script owned by root, but a non root user say user1 owns a script, which
> another non root user say user2 wants to execute without having read
> permission for user2, as user1 stores some passwords in this script.
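
The two options from the reply above, combined in an added example that is not part of the original thread: user2 runs the script as user1 through sudo, and the passwords live in a separate file that the script refuses to load unless only its owner can access it. The paths, the script name report.sh, the variable names and the sudoers line are assumptions for illustration.

```shell
#!/bin/sh
# Added example (hypothetical paths and names, not from the thread).
#
#   /home/user1/bin/report.sh   mode 0700, owner user1  (logic only, no secrets)
#   /home/user1/.report.creds   mode 0600, owner user1  (DB_USER=..., DB_PASS=...)
#
# sudoers entry (edit with visudo) so that user2 can run it as user1:
#   user2 ALL = (user1) /home/user1/bin/report.sh
# user2 then runs:
#   sudo -u user1 /home/user1/bin/report.sh
# The interpreter reads both files as user1; user2 never gets read access.

# creds_file_ok FILE
# Succeeds only if FILE is a regular file (not a symlink), owned by the
# effective user, with no group or other permission bits set.
creds_file_ok() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "creds: $f is not a regular file" >&2
        return 1
    fi
    # ls -ldn prints: mode links uid gid size date name
    mode=$(ls -ldn "$f" | cut -c1-10)
    owner=$(ls -ldn "$f" | awk '{print $3}')
    if [ "$owner" != "$(id -u)" ]; then
        echo "creds: $f is owned by uid $owner, not by the running user" >&2
        return 1
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    case $(printf '%s' "$mode" | cut -c5-10) in
        ------) return 0 ;;
        *)  echo "creds: $f has mode $mode, group/other access must be removed" >&2
            return 1 ;;
    esac
}

# load_creds FILE
# Sources FILE into the current shell only after the check above passes.
# FILE must contain a slash so that "." does not search PATH.
load_creds() {
    creds_file_ok "$1" || return 1
    . "$1"
}

# In report.sh the first lines would be:
#   load_creds /home/user1/.report.creds || exit 1
```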


This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:17:38 EDT