Partly true. You need to be able to read the file, but you can hide it. I've used this trick before.

Make a directory (for example: /usr/local/secure/bin )
Set the permissions of it to 711.

Put the script in there, with permissions set to 755.

Then, put a wrapper script in /usr/local/bin, that runs that script.

So it looks like:

ls -la /usr/local/secure:

drwx--x--x 2 root root 4096 Jan 7 10:13 bin

ls -la /usr/local/secure/bin

/usr/local/secure/bin/hello
has permissions 755 to allow execution. You still cannot read it, because users have no read access.

"hello" looks like:

#!/bin/bash
#
echo "Hello World"


Then in /usr/local/bin

run.hello looks like:

#!/bin/bash
#
/usr/local/secure/bin/hello


Running "run.hello" causes "hello" to be run, but the users cannot access or read "hello".

Hope that helps!

Ric

NOTE: I have not endlessly beat this up for holes. But I've used it in the past successfully.
Proceed with caution - YMMV



Adam H. Pendleton wrote:
I hate to be the bearer of bad news, but you cannot execute a file
without being able to read it. You have to be able to open the file in
order to read the code inside to execute. You might be able to achieve
this result by using ACL systems such as www.grsecurity.net, but I doubt
it.
ahp
On Tuesday, January 7, 2003, at 09:50 AM, cana rich wrote:


Hello,
I am using RedHat 7.2. I have a shell (root is the owner) and I
would like it to be executable by other users but not readable by the
other users.
ls -l gives:
-rwx--x-- 1 root mygroup 5030 jan 06 10:00:01 program1.bsh

I have tried: chmod 710 program1.bsh
but when I log in as another user (who belongs to mygroup) and try to execute
the shell I have the message: "Can't open"
Could you help me?
Thanks in advance.
Canarich







--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
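
Added example, not part of the original messages: a shell check that reads the mode bits of the directory-plus-script layout discussed in this thread and reports what a given permission class can do with the script. The function names, the temporary tree and the sample modes are constructed for illustration; it assumes GNU stat and an interpreted script, where the interpreter must open the file after the kernel has accepted the exec.

```shell
#!/bin/sh
# Added example (constructed): what can a permission class do with a script,
# judged from mode bits alone? Assumes GNU stat (stat -c '%a').

# class_bits PATH CLASS -> octal digit for CLASS (u, g or o)
class_bits() {
    mode=$(stat -c '%a' "$1") || return 1
    mode=$(printf '%04d' "$mode")          # 711 -> 0711, 4755 stays 4755
    case $2 in
        u) echo "$mode" | cut -c2 ;;
        g) echo "$mode" | cut -c3 ;;
        o) echo "$mode" | cut -c4 ;;
        *) return 1 ;;
    esac
}

# audit DIR NAME CLASS -> "list=.. enter=.. read=.. run=.."
audit() {
    d=$(class_bits "$1" "$3") || return 1
    f=$(class_bits "$1/$2" "$3") || return 1
    list=no; enter=no; rd=no; run=no
    if [ $(( d & 4 )) -ne 0 ]; then list=yes; fi    # r on dir: see file names
    if [ $(( d & 1 )) -ne 0 ]; then enter=yes; fi   # x on dir: open a known name
    if [ "$enter" = yes ]; then
        if [ $(( f & 4 )) -ne 0 ]; then rd=yes; fi
        # kernel needs x to exec; the interpreter then needs r to open the script
        if [ $(( f & 5 )) -eq 5 ]; then run=yes; fi
    fi
    echo "list=$list enter=$enter read=$rd run=$run"
}

# demo DIRMODE FILEMODE CLASS -> audit a throwaway copy of the layout
demo() {
    top=$(mktemp -d) || return 1
    mkdir "$top/bin"
    printf '#!/bin/bash\necho "Hello World"\n' > "$top/bin/hello"
    chmod "$2" "$top/bin/hello"
    chmod "$1" "$top/bin"
    audit "$top/bin" hello "$3"
    chmod 700 "$top/bin"; rm -rf "$top"
}

demo 711 755 o   # 711 dir, 755 script: name hidden from ls, content readable
demo 711 711 o   # execute-only script: not readable, but not runnable either
demo 755 710 g   # script mode from the question, as a group member (dir mode constructed)
```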
