I want a shell script to be executable but not rea

2019-06-26 07:19发布

I created a script which I want other users on our shared system to execute but not read. I set the permissions as executable for all but revoked the R/W rights.

---x--x--x 1 dilletante staff 0 2013-04-02 11:42 expect.sh

However the script Fails to execute...The reason is simple.. The interpreter also needs to read the script

I want a workaround if any..Can I embed it into some compiled language..Would that work? If yes, could you point to the resources where I can learn how to do so..

4条回答
不美不萌又怎样
2楼-- · 2019-06-26 07:44

I made my own bash obfuscator to overcome some shortcomings of shc which really bugged me (the primary one as being able to see the script in almost clear text with the use of ps). You could have a look if https://github.com/louigi600/obash serves you any better then shc.

查看更多
Summer. ? 凉城
3楼-- · 2019-06-26 07:51

If you want this for other users try sudo

Example:

  1. Change execution right

    chmod 500 /usr/bin/script.bash
    ll /usr/bin/script.bash
    
    -r-x------ 1 <USER> <GROUP> 1174 23. Jan 13:24 /usr/bin/script.bash
    
  2. As root change sudoers

    visudo
    
    ## Allows ALL to run /usr/bin/script.bash as <USER> without password
    ## The asterisk is if you want to use any commandline parameters 
    ALL  ALL=(<USER>) NOPASSWD: /usr/bin/script.bash *
    
  3. Run script with sudo

    sudo /usr/bin/script.bash <PARAMETERS>
    

For further information concerning sudo read the sudo manpages

查看更多
ら.Afraid
4楼-- · 2019-06-26 07:54

The shell has to be able to read a script to execute it. You are asking for the impossible if it is a script.

You can certainly use 111 permission on an executable program (as produced by the ld command, typically invoked by the compiler of your chosen compiled implementation language). The owner can always change the permission to read the program if they want to, but it is more conventional to use 511 than 111 permission.

There are often compilers for a specific script language that will generate a C program equivalent to the script:

Etc.

查看更多
Rolldiameter
5楼-- · 2019-06-26 07:55

There's an alternative to securing your shell scripts. Since the goal here is to make sure no one can read or alter them, you may want to give the following link a try:

http://www.kinglazy.com/shell-script-encryption-kinglazy-shieldx.htm

On the above page, all you have to do is submit your shell script (you can submit a sample script first for your peace of mind). A zip file will be generated for you.

Installation:

  1. wget link-to-the-zip-file
  2. unzip the-newly-downloaded-zip-file
  3. cd /tmp/KingLazySHIELD
  4. ./install.sh /var/tmp/KINGLAZY/SHIELDX-(name-of-your-script) /bin -force

What the above install command will do for you is:

  1. It'll install the encrypted script in the directory /var/tmp/KINGLAZY/SHIELDX-(name-of-your-script).

  2. It'll place a link to this encrypted script in /bin - that way, you need not type the absolute path to your script each time you want to run it.

  3. Ensures NO ONE can modify the script - Any attempts to modify the encrypted script will render it inoperable...until the attempts are removed.

  4. Ensures absolutely NO ONE can make working copies of it. No one can copy your script to a secluded location and try to screw around with it to see how it works. If they try to, it'll abort and will not run.

查看更多
登录 后发表回答