Arthur S. Alexion on Fri, 2 Nov 2001 15:10:12 +0100



[PLUG] [linux] Shell script madness (fwd)


Could someone on this list please help? Jim has helped me considerably on the other list.

art

--- begin forwarded text

From: Jim Garrison <jimg@legalcs.com>
To: "Linux use in the law office" <linux@lists.elder-law.com>
Subject: [linux] Shell script madness
Date: Thu, 1 Nov 2001 22:53:17 -0700

I'm sure that this is Bash 101, but it's making me crazy.

I have a shell script to start up Chrony, the clock-align utility.
The script is pretty simple:

#! /bin/bash
cat <<EOF | /usr/local/bin/chronyc
password blablabla
online
EOF

"blablabla" is the root password. "chronyc" (the client) requires
root privileges in its communications with "chronyd" (the daemon).

That's all good and fine.

My madness is trying to make this script secure. No-one but su should
be able to read it. Otherwise the root password will be wide open to
prying eyes. The script is owned by root, is assigned to the "users"
group, and has its permissions set at 750 (rwx r-x ---). Works fine
there. But that gives read privileges to users. So I try setting
permissions at 710 (rwx --x ---) so that the group only has execution
privileges. This results in "permission denied".

Shouldn't execute privileges be enough to run the script? Why does it
require read privileges? What do I do to secure it so that it is
executable by the "users" group while only being readable by root?

BTW, the script is in /usr/local/bin.

- Jim

James V. Garrison, Esq.
Legal Computing Services
P.O. Box 728
Pleasant Grove, UT 84062-0728
jimg@legalcs.com



--- end forwarded text
____________________________________
Art Alexion
Arthur S. Alexion LLC
----------------
215-884-5828
----------------
arthur @alexion.com
www.alexion.com

______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug
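
Added example, not part of the original thread: a sketch that reproduces the "permission denied" result described in the forwarded message. It uses the owner's permission bits instead of the group's so that it can run as a single unprivileged user; the temporary directory, demo.sh and its contents are constructed, and the generated script uses #!/bin/sh rather than bash.

```shell
#!/bin/sh
# Added demonstration; the temp directory, demo.sh and its contents are constructed.
# The kernel honours the x bit and starts the interpreter named on the "#!" line,
# but that interpreter then has to open() the script itself, as the calling user.

# run_with_mode MODE: create a small script, chmod it to MODE, execute it directly.
# Prints "ran" if the script body executed, "denied" otherwise.
run_with_mode() (
    dir=$(mktemp -d) || exit 1
    script="$dir/demo.sh"
    printf '#!/bin/sh\necho ran\n' > "$script"
    chmod "$1" "$script"
    if out=$("$script" 2>/dev/null) && [ "$out" = "ran" ]; then
        echo ran
    else
        echo denied
    fi
    rm -rf "$dir"
)

echo "read+execute (0500): $(run_with_mode 500)"
echo "execute only (0100): $(run_with_mode 100)"
# root bypasses the read check, so run this as an ordinary user to see the difference
```

Because the interpreter reads the script with the caller's credentials, any secret written into a script is readable by every account that is able to run it directly.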