Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Allowing users to execute shell scripts without seeing password

Re: Allowing users to execute shell scripts without seeing password

From: Michael Haddon <m.haddon_at_comcast.net>
Date: Sat, 18 Feb 2006 09:49:24 -0600
Message-ID: <43F74204.5020105@comcast.net> 




  


First, I would really need to know some more information, allowing
users to log into their own Unix account, (any Unix), and then
executing a shell script is not unknown, it is done all the time for
different reasons and to perform different tasks. Whether it is to set
up their environment or to drop them into a default application.



Another good question would be 'what password?', what does this script
do that it needs a password?, there are several ways to execute a script

without displaying certain sensitive information. Just depends on what
you want to do.



I would not normally use the setuid bit where it is not absolutely
needed. If it is used improperly it can create some serious security
issues. There are plenty of alternatives like sudo, or maybe
accomplishing the task without imbedding the password in the file.
(best alternative).



I would love to assist with this issue, if you can provide some more
information I would be happy to help.



Mike





Ken Naim wrote:


  
I am probably not be reading enough into the question, but here are my 2
cents; just set permission to execute only with no read or write access.

Ken Naim 

-----Original Message-----
From: oracle-l-bounce@freelists.org [mailto:oracle-l-bounce@freelists.org]
On Behalf Of Radoulov, Dimitre
Sent: Friday, February 17, 2006 12:36 PM
To: oracle-l@freelists.org
Subject: Re: Allowing users to execute shell scripts without seeing password

Got error, trying to resend ...

  

  

    
I've been trying to figure out a way that I can have my users allowed 
to login to the server (HP-UX) with their own account and run a shell 
script that's owned my me ...
but I don't want them to be able to see the password.
I had no luck just granting them execute on the shell script, they had 
to have read priviledges in order to execute it apparently.
Any suggestions??
    

  

  

 As suggested on comp.unix shell you can use shell script compiler.

 You can try Francisco Javier Rosales GarcĂ­a's shc:

 Home page:
http://www.datsi.fi.upm.es/~frosal/

 Download link:
http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.3.tgz



 Regards,
Dimitre

--
http://www.freelists.org/webpage/oracle-l


--
http://www.freelists.org/webpage/oracle-l




  






--
http://www.freelists.org/webpage/oracle-l
Received on Sat Feb 18 2006 - 09:49:24 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US