在没有读取权限的情况下执行脚本
Execute script without reading permissions
我想允许用户执行包含敏感数据的 bash 脚本。因此,我不希望他们有阅读权限。 'direct' 解决方案 seems to be impossible, but I may have found a workaround in the expect man page:
Create the Expect script (that contains the secret data) as usual.
Make its permissions be 750 (-rwxr-x---) and owned by a trusted group,
i.e., a group which is allowed to read it. If necessary, create a new
group for this purpose. Next, create a /bin/sh script with permissions
2751 (-rwxr-s--x) owned by the same group as before.
我试过如下复制:
在一个文件夹中,我有两个脚本:
script.sh:
#!/bin/sh
echo "targetscript echo"
运行script.sh:
#!/bin/sh
echo "runscript echo"
groups
./script.sh
我按照手册页中的建议给了他们权限:
groupadd scriptrunner
chown {myusername}:scriptrunner runscript.sh
chmod 2751 runscript.sh
chown root:scriptrunner script.sh
chmod 750 script.sh
ls -l 的输出似乎没问题:
-rwxr-s--x. 1 {myusername} scriptrunner 51 Aug 25 13:04 runscript.sh
-rwxr-x---. 1 root scriptrunner 35 Aug 25 13:01 script.sh
但是,当我 运行 ./runscript.sh 没有 root 时,我得到以下错误:
runscript echo
{myusername} wheel
./runscript.sh: line 4: ./script.sh: Permission denied
我不知道出了什么问题。谁能帮帮我?
我将回到根本问题,因为我认为没有 expect hack 更容易解决。
所以,你需要的是对你的脚本有执行权限,而不是读取权限。这仅适用于二进制文件(即非解释脚本)- 请在此处查看详细信息 https://unix.stackexchange.com/questions/34202/can-a-script-be-executable-but-not-readable
因此,也许您最好先将 bash 脚本编译成二进制文件(使用 shc - 请参阅此处 https://unix.stackexchange.com/questions/64762/how-to-convert-a-shell-script-into-a-binary-executable),然后对二进制文件设置只执行权限。之后您的用户应该能够执行(但不能读取)二进制文件。
我想允许用户执行包含敏感数据的 bash 脚本。因此,我不希望他们有阅读权限。 'direct' 解决方案 seems to be impossible, but I may have found a workaround in the expect man page:
Create the Expect script (that contains the secret data) as usual. Make its permissions be 750 (-rwxr-x---) and owned by a trusted group, i.e., a group which is allowed to read it. If necessary, create a new group for this purpose. Next, create a /bin/sh script with permissions 2751 (-rwxr-s--x) owned by the same group as before.
我试过如下复制: 在一个文件夹中,我有两个脚本:
script.sh:
#!/bin/sh
echo "targetscript echo"
运行script.sh:
#!/bin/sh
echo "runscript echo"
groups
./script.sh
我按照手册页中的建议给了他们权限:
groupadd scriptrunner
chown {myusername}:scriptrunner runscript.sh
chmod 2751 runscript.sh
chown root:scriptrunner script.sh
chmod 750 script.sh
ls -l 的输出似乎没问题:
-rwxr-s--x. 1 {myusername} scriptrunner 51 Aug 25 13:04 runscript.sh
-rwxr-x---. 1 root scriptrunner 35 Aug 25 13:01 script.sh
但是,当我 运行 ./runscript.sh 没有 root 时,我得到以下错误:
runscript echo
{myusername} wheel
./runscript.sh: line 4: ./script.sh: Permission denied
我不知道出了什么问题。谁能帮帮我?
我将回到根本问题,因为我认为没有 expect hack 更容易解决。
所以,你需要的是对你的脚本有执行权限,而不是读取权限。这仅适用于二进制文件(即非解释脚本)- 请在此处查看详细信息 https://unix.stackexchange.com/questions/34202/can-a-script-be-executable-but-not-readable
因此,也许您最好先将 bash 脚本编译成二进制文件(使用 shc - 请参阅此处 https://unix.stackexchange.com/questions/64762/how-to-convert-a-shell-script-into-a-binary-executable),然后对二进制文件设置只执行权限。之后您的用户应该能够执行(但不能读取)二进制文件。