Want execute only shell script

I wrote a shell script to hook into a password protected database. A couple of others want to use the same shell script to share the database access, but I don't want to expose the password that is being used. Is there a way to lock the script so that no one can read it and only execute it? It'd also be ideal for them to enter their sudo password to run the script

Answers


Is there a way to lock the script so that no one can read it and only execute it? It'd also be ideal for them to enter their sudo password to run the script

Sure. Let's say the script containing the credentials is /usr/local/bin/myscript. Make this file owned by a privileged user. Let's say we have a user named "credentials":

# chown credentials /usr/local/bin/myscript
# chmod 700 /usr/local/bin/myscript

Now only the credentials user can read and execute this script.

Create another script /usr/local/bin/mywrapper that looks like this:

#!/bin/sh
exec sudo -u credentials /usr/local/bin/myscript

And create the appropriate /etc/sudoers entry:

auser   ALL=(credentials) /usr/local/bin/myscript

So now, user auser runs "mywrapper". This in turn uses sudo to call the real script, which will prompt auser for their password.

I think this does everything you want. We use a mechanism very much like this at my office to protect credentials (in our case, ssh private keys).


Need Your Help

Execute PHP code in DOMDocument

php html html5 dom web

I am loading content into a PHP page by fetching the content from other files. These files are structured like XML:

post rel value by ajax

php jquery ajax security

I use rel="" to pass value to insert page like this:

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.