ksh executing a file without read permission

Jerry Peek jdpeek at rodan.acs.syr.edu
Fri Dec 8 00:39:28 AEST 1989


In article <5516 at hplabsb.HP.COM> quan at hplabsb.HP.COM (Suu Quan) writes:
> 	"BETTER SECURITY. Ksh allows a system administrator to log and/or
> 	disable all priviledged scripts. On current UNIX systems, users need
> 	read permission to execute a script. With ksh, a system administrator
> 	can allow ksh to read and execute a script without giving a user
> 	permission to read it"
> 
> Exactly what I want : have a file with permissions --x--x--x
> and have everyone execute it without being able to read it.
> How do you do it ?

We have ksh-i on our system.  We didn't use the suid_exec program, but
here's a paragraph from the ksh src/README file that explains it:

  The binary for ksh-i  becomes the file named ./ksh which can be copied to
  where ever you install it.  If you want ksh-i to be able to run setuid/gid
  shell scripts, or scripts without read permission, then it must be installed
  in the /bin directory, the /usr/bin directory, or the /usr/lbin directory
  and the name must end in sh. The program suid_exec must be installed in the
  /etc directory, must be owned by root, and must be a suid program.  If
  you must install ksh-i in some other directory and want to be able to run
  setuid/setgid and execute only scripts, then you will have to change the
  source code file sh/suid_exec.c explicitly.

--Jerry Peek; Syracuse University Academic Computing Services; Syracuse, NY
  jdpeek at rodan.acs.syr.edu, JDPEEK at SUNRISE.BITNET        +1 315 443-3995



More information about the Comp.unix.questions mailing list