making a script in /usr/local/bin shareable

[vickey_20]

I created a small script in order to find out whether a host on the network is up or not ( as root). Made the script executable

Code:

chmod 711 script

But now there is a problem , root can execute the script no probz but when it comes to a normal user who has only x permission on it can execute the script . When I add read permission

Code:

chmod 715 script

the normal user is able to execute the script. But what if I dont want the source to be disclosed and still want only the script to be executable?

[lomcevak]

Normally when you want a script that anyone can execute you set the permissions to 755. The reason it has to be read+execute (I think) is that the shell needs permission to read the file so it can execute the commands within it.

There's no way that I know of in Linux to set up a script so a user can't read it and still execute it.

[vickey_20]

ya even i was thinking the same thing coz its executed after determining the code inside it. But there must be some why to protect the code.

[saivin]

But there must be some why to protect the code.

protecting the code...

Anyway, does creating a group, chgrp a particular directory where you keep your 'protected' scripts helps? Try.

[vickey_20]

that will serve the purpose but the scripts then will be executable by only those in the group ( who also need to have read permission ).

[saivin]

Ya, pardon my stupidity...

Probably you are right in doubting that a script file needs read permission along with execute permission.

[vickey_20]

there is no such things as stupidity we make mistake in order to learn

[TheBoogyMaster]

may be it has something to do with the sticky bit on the permissions. i dont know.. read man page for chmod.

[vickey_20]

its not the question of sticky bits . And infact I dont even no what exactly they are

[TheBoogyMaster]

FROM : hxxx://zzee.COM/solutions/linux-permissions.shtml

Set user ID, set group ID, sticky bit

In addition to the basic permissions discussed above, there are also three bits of information defined for files in Linux:

* SUID or setuid: change user ID on execution. If setuid bit is set, when the file will be executed by a user, the process will have the same rights as the owner of the file being executed.
* SGID or setgid: change group ID on execution. Same as above, but inherits rights of the group of the owner of the file on execution. For directories it also may mean that when a new file is created in the directory it will inherit the group of the directory (and not of the user who created the file).
* Sticky bit. It was used to trigger process to "stick" in memory after it is finished, now this usage is obsolete. Currently its use is system dependant and it is mostly used to suppress deletion of the files that belong to other users in the folder where you have "write" access to.

Numeric representation

Octal digit Binary value Meaning
0 000 setuid, setgid, sticky bits are cleared
1 001 sticky bit is set
2 010 setgid bit is set
3 011 setgid and sticky bits are set
4 100 setuid bit is set
5 101 setuid and sticky bits are set
6 110 setuid and setgid bits are set
7 111 setuid, setgid, sticky bits are set

Textual representation


SUID If set, then replaces "x" in the owner permissions to "s", if owner has execute permissions, or to "S" otherwise. Examples:
-rws------ both owner execute and SUID are set
-r-S------ SUID is set, but owner execute is not set
SGID If set, then replaces "x" in the group permissions to "s", if group has execute permissions, or to "S" otherwise. Examples:
-rwxrws--- both group execute and SGID are set
-rwxr-S--- SGID is set, but group execute is not set
Sticky If set, then replaces "x" in the others permissions to "t", if others have execute permissions, or to "T" otherwise. Examples:
-rwxrwxrwt both others execute and sticky bit are set
-rwxrwxr-T sticky bit is set, but others execute is not set