| Arthur S. Alexion on Fri, 2 Nov 2001 15:10:12 +0100 |
|
Could someone on this list please help? Jim has helped me considerably on the other list. art --- begin forwarded text From: Jim Garrison <jimg@legalcs.com> To: "Linux use in the law office" <linux@lists.elder-law.com> Subject: [linux] Shell script madness Date: Thu, 1 Nov 2001 22:53:17 -0700 I'm sure that this is Bash 101, but it's making me crazy. I have a shell script to start up Chrony, the clock-align utility. The script is pretty simple: #! /bin/bash cat <<EOF | /usr/local/bin/chronyc password blablabla online EOF "blablabla" is the root password. "chronyc" (the client) requires root privileges in its communications with "chronyd" (the daemon). That's all good and fine. My madness is trying to make this script secure. No-one but su should be able to read it. Otherwise the root password will be wide open to prying eyes. The script is owned by root, is assigned to the "users" group, and has its permissions set at 750 (rwx r-x ---). Works fine there. But that gives read privileges to users. So I try setting permissions at 710 (rwx --x ---) so that the group only has execution privileges. This results in "permission denied". Shouldn't execute privileges be enough to run the script? Why does it require read privileges? What do I do to secure it so that it is executable by the "users" group while only being readable by root? BTW, the script is in /usr/local/bin. - Jim James V. Garrison, Esq. Legal Computing Services P.O. Box 728 Pleasant Grove, UT 84062-0728 jimg@legalcs.com --- end forwarded text ____________________________________ Art Alexion Arthur S. Alexion LLC ---------------- 215-884-5828 ---------------- arthur @alexion.com www.alexion.com ______________________________________________________________________ Philadelphia Linux Users Group - http://www.phillylinux.org Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
|
|