From: alberto@calliope.cccfc.uam.es
Date: Mon Jan 20 2003 - 07:46:38 EST
Dear everyone,
Thank you everybody for your quick(s) answer(s). I report below these, but
in summary there are 2 solutions:
1) Use some facilities to "change" the execution user or mask the script,
like sudo, dop.
2) Use some c-compiled code that calls the script.
It seems to be impossible to execute without reading.
Thank you again,
Regards,
*****
From: "Nemholt, Jesper Frank" <JesperFrank.Nemholt@hp.com>
Use DOP or SUDO and let the script be owned by another user and without
read permissions for the user executing it.
DOP and SUDO (and SUR) are tools that allow users to execute selected
commands/scripts/programs as another user.
DOP is available on v4.x and v5.x, but only documented and supported on
v5.x. SUDO is the OpenSource alternative to DOP. It's a bigger package
and offer more features, but unlike DOP, it's not supported by HP
(anyway it works fine).
-- Un saludo / Venlig hilsen / Regards ***** ***** >From tpb@doctor.zk3.dec.com Mon Jan 20 11:26:15 2003 How would that work? The shells are non-privileged user programs, if they can't read the script they can't interpret it. You need to think about WHY what you are trying to do makes any possible sense; there is no simple technical solution that will accomplish whatever you think this will do for you short of writing compiled programs. And if I'm not mistaken, even they have to be readable by the user who invokes them, although I may be mistaken. Tom ***** ***** >From stan@temple.edu Mon Jan 20 11:26:17 2003 I am not positive about this, but I think you might be able to achieve this if you install the ACL feature and then set the appropriate ACLs for the directory and script file. Its a long-shot though, but its worth looking into. ***** ***** >From cerberus@aol.net Mon Jan 20 11:26:19 2003 Greetings, To answer your question, no. The executing shell needs to be able to read the code inside the script. It must be readable for it to function. If you want the code to be executable only, re-write it in C (the only solution we were able to come up with for *exactly* the same problem). Good luck, -dave ***** ***** >From BREWERE@OD.NIH.GOV Mon Jan 20 11:26:21 2003 Alberto, You could use sudo to allow scripts or commands to run but not allow the user to view the contents. You have to be carefull in how you set up your sudoers file. Lee Brewer ***** ***** >From KeithTexel@eversheds.com Mon Jan 20 11:26:23 2003 chmod 111 <filename> will give us execute permissions on the file. K ***** ***** >From ForgetS@DFO-MPO.GC.CA Mon Jan 20 11:26:25 2003 Buenos dias Alberto. Have you thought of the "sticky bit"? This allows execution without giving full privileges. Like this: # chmod 4755 your_script_filename # ls -l your_script_filename -rwsr-xr-x 1 root system 2007040 Oct 30 10:54 your_script_filename* Note the "s" above. Hope this helps. Serge Forget ***** ***** >From farrell@pangea.Stanford.EDU Mon Jan 20 11:26:30 2003 Hi Alberto, Here's a workaround. Put the real script in another directory, with no read or execute access to the world, but with both read and execute access to a group that you create. Make a tiny C program that simply calls this script. Make that C program setgid to the group that has access to the real script. Your user runs the C program, which is compiled, and anyway has no information of interest in it. That program runs the real script, which the user cannot see on his own. I've appended a small C program that I wrote that will do the job, named "callscript". I tested this on my Tru64 UNIX system v4.0g. -Phil Farrell ----------cut here for callscript program------------- /* callscript P. Farrell Jan 17, 2003 Simply execute the script or command (with optional arguments) passed as argument(s). Use this to "hide" the contents of a script. Make the script with no world read or execute access. Put the script and this program into the same UNIX group. Make this program setgid. When this program runs, it changes to the desired group and is then able to run the script. Make sure the user's path includes the directories where this program and the called script reside. Example: callscript myscript myargs This program based on routines described in Kernighan, Brian W., and Pike, Rob, "The UNIX Programming Environment", Prentice Hall, 1984 Compile with: cc -o callscript callscript.c */ #include <stdio.h> char *progname; main(argc, argv) int argc; char *argv[]; { progname = argv[0]; /* Check that we got a command to execute as argument(s) */ if (argc < 2) error("Usage: %s command-to-run [command-arguments]",progname); /* simply pass arguments along to execlp, which overlays that program in place of this one. Error message if can't run */ else { execvp(argv[1], &argv[1]); /* only get here if execvp can't run */ error("can't execute %s", argv[1]); } } /* end of main */ error(s1, s2) /* print error message and die */ char *s1, *s2; { extern int errno, sys_nerr; extern char *sys_errlist[], *progname; if (progname) fprintf(stderr, "%s: ", progname); fprintf(stderr, s1, s2); if (errno > 0 && errno < sys_nerr) fprintf(stderr, " (%s)", sys_errlist[errno]); fprintf(stderr, "\n"); exit(1); } /* end of error function */ ***** ***** >From belonis@dirac.phys.washington.edu Mon Jan 20 11:26:32 2003 public-domain program sudo protect the script, but require people to run it via sudo which temporarily gives people root privileges or at least user privileges for the script. Alternatively replace the script with a script that runs the desired script via sudo so no user behaviour changes are required. Jim Belonis ***** ***** >From merlin@alek.if.uj.edu.pl Mon Jan 20 11:26:34 2003 you can use the following solution in that problem. suppouse the script is in the location: "/path/to/script" change the owner of the script: `chown user1.group1 /path/to/script` change the permissions of script: `chmod 700 /path/to/script` remember the id of the user1, you can view it by runnig `id user1` in the following i will refer to that id by writting "U1ID". now we have to make a small c program: #include <unistd.h> #include <stdlib.h> int main() { setuid(U1ID); system("/path/to/script"); return 1; } where U1ID must be numeric value of user1 id. compile it, by running `cc -o exec_name sourcefile.c` (exec_name is the output file name, and sourcefile.c is a file where you have saved the above code) change the owner of exec_name to root: `chown root exec_name` now add suid to exec_name: `chmod 4755 exec_name` this is of course not very good, you have another +s program, but this one only does two things, changes the user id to user1, and as user1 runs the /path/to/script. if you are carefull nothing should go worng. but you _should_ consult this solution with someone else. and any user by running exec_name will run /path/to/script as user1. but only user1 will be able to view the /path/to/script. greets pg ***** ***** >From sainsb_j@chem.usyd.edu.au Mon Jan 20 11:26:37 2003 I think you will need to write a (setgid) wrapper for your scripts or use sudo eg Place all your scripts in a fixed directory /usr/opt/apps/libexec script1 script2 etc Create a unique group for them eg apps and make your scripts owned by root (or whoever) group apps read/execute by the owner/group only. e chown root:apps script1 script2 etc chmod 550 script1 script2 etc Create a C wrapper that execs the scripts eg roughly main (int argc, char* argv[]) { execv ( "/usr/opt/apps/libexec/script1", argv); exit (EXIT_FAILURE); } (see the usenet secure programming faq for details for doing this properly.) and make the binary setgid apps and place it on the path of your users. ***** __________________________________________________________________ Alberto Luna administrador.ccc@uam.es Centro de Computacion Cientifica. Phone : +34 91 397 41 16 Universidad Autonoma de Madrid. Fax : +34 91 397 43 93 28049 - MADRID SPAIN __________________________________________________________________
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:49:04 EDT