ksh executing a file without read permission

Jerry Peek jdpeek at rodan.acs.syr.edu
Fri Dec 8 00:39:28 AEST 1989


In article <5516 at hplabsb.HP.COM> quan at hplabsb.HP.COM (Suu Quan) writes:
> 	"BETTER SECURITY. Ksh allows a system administrator to log and/or
> 	disable all privileged scripts. On current UNIX systems, users need
> 	read permission to execute a script. With ksh, a system administrator
> 	can allow ksh to read and execute a script without giving a user
> 	permission to read it"
> 
> Exactly what I want: have a file with permissions --x--x--x
> and have everyone execute it without being able to read it.
> How do you do it?

We have ksh-i on our system.  We didn't use the suid_exec program, but
here's a paragraph from the ksh src/README file that explains it:

  The binary for ksh-i  becomes the file named ./ksh which can be copied to
  wherever you install it.  If you want ksh-i to be able to run setuid/gid
  shell scripts, or scripts without read permission, then it must be installed
  in the /bin directory, the /usr/bin directory, or the /usr/lbin directory
  and the name must end in sh. The program suid_exec must be installed in the
  /etc directory, must be owned by root, and must be a suid program.  If
  you must install ksh-i in some other directory and want to be able to run
  setuid/setgid and execute-only scripts, then you will have to change the
  source code file sh/suid_exec.c explicitly.

--Jerry Peek; Syracuse University Academic Computing Services; Syracuse, NY
  jdpeek at rodan.acs.syr.edu, JDPEEK at SUNRISE.BITNET        +1 315 443-3995
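
The install conditions in the README paragraph quoted above can be checked mechanically. The following is an added example, not part of the original post or of the ksh distribution; the function names and the optional path arguments are assumptions, and the directory checks are textual (symlinks are not resolved).

```shell
#!/bin/sh
# Added example: audit the conditions the ksh src/README gives for running
# setuid/setgid and execute-only scripts. Function names are hypothetical.

# README: ksh-i must be installed in /bin, /usr/bin or /usr/lbin,
# and the installed name must end in "sh".
ksh_location_ok() {
    dir=$(dirname "$1")
    name=$(basename "$1")
    case "$dir" in
        /bin|/usr/bin|/usr/lbin) ;;
        *) echo "FAIL: $1 is not in /bin, /usr/bin or /usr/lbin"; return 1 ;;
    esac
    case "$name" in
        *sh) ;;
        *) echo "FAIL: name '$name' does not end in sh"; return 1 ;;
    esac
    echo "ok: $1 location and name"
}

# README: suid_exec must be in /etc, owned by root, and a suid program.
suid_exec_ok() {
    helper=$1
    if [ "$(dirname "$helper")" != /etc ] || [ "$(basename "$helper")" != suid_exec ]; then
        echo "FAIL: helper must be /etc/suid_exec, got $helper"; return 1
    fi
    [ -f "$helper" ] || { echo "FAIL: $helper is missing"; return 1; }
    # ls -n prints the numeric owner uid in field 3; root is uid 0.
    owner=$(ls -ln -- "$helper" | awk '{print $3}')
    [ "$owner" = 0 ] || { echo "FAIL: $helper owned by uid $owner, not root"; return 1; }
    [ -u "$helper" ] || { echo "FAIL: $helper does not have the setuid bit"; return 1; }
    echo "ok: $helper is root-owned and setuid"
}

# Run both checks; the default paths are the ones named in the README.
audit_ksh_install() {
    rc=0
    ksh_location_ok "${1:-/bin/ksh}" || rc=1
    suid_exec_ok "${2:-/etc/suid_exec}" || rc=1
    return $rc
}
```

Source the file and call `audit_ksh_install` (optionally with the ksh path as the first argument); a non-zero return means at least one README condition is not met.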
