
I have a shell script in /usr/bin/myapp and another set of 12 scripts in a different folder (say /opt/myapp). I want a solution where only scripts from /opt/myapp can use or execute the script in /usr/bin/myapp. This is to secure the script in /usr/bin/myapp, and no one else except /opt/myapp should use it.

Any other solution is also accepted. Thanks in advance.

  • Why store the scripts in usr/bin in the first instance? Use a dedicated folder. Why not a zip with a password? Commented Jan 8, 2021 at 6:33
  • I have passwords in /usr/bin Commented Jan 8, 2021 at 7:21
  • Then only you can execute those scripts anyway. Please add more details, not sure of your goal. It might be simpler than it looks. The proper way is to use the @Martin solution, but this adds a whole level of possible other issues. Commented Jan 8, 2021 at 7:24
  • @Dinesh : This looks like a design flaw. Basically, permission to execute scripts relies on having the read permission of the script, and not on the location of the caller. Maybe it would be better to code the 12 "scripts" as functions inside the "master script" instead of having them as separate files. In this case, only a really malevolent user could get his fingers on these twelve holy pieces of code, and he would need to purposely break your design. Commented Jan 8, 2021 at 8:58

1 Answer

The standard way is to grant "execute" permissions on the folder (or "read" and "execute" permissions on the scripts) only for a special group.

(Note that restricting "execute" permissions for the script alone is not enough, since read permissions are enough to execute a script with e.g. sh /path/to/script.)

Then you can grant the group permissions to the other scripts for instance via sudo (using some shell wrappers) or by writing your own binary wrappers.

1 Comment

Thanks Martin for your inputs. Will try this and update you on the same.
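
The answer's two permission points (read access is enough to run a script through `sh`, and the folder's execute bit gates everything inside it) can be checked with the following added example, which is not part of the original answer. The temporary directory, the `myapp` file name and the `probe` helper are constructed for illustration.

```shell
#!/bin/sh
# Added example: which permission bits actually stop a shell script from
# being run. All paths are throwaway files created under mktemp.

# probe FILE_MODE DIR_MODE
# Creates <tmpdir>/myapp with the given modes, tries to run it directly and
# through "sh <path>", and prints "direct=<ok|denied> sh=<ok|denied>".
probe() {
    dir=$(mktemp -d) || return 1
    script="$dir/myapp"
    printf '#!/bin/sh\necho secret-logic-ran\n' > "$script"
    chmod "$1" "$script"
    chmod "$2" "$dir"
    if "$script" >/dev/null 2>&1; then direct=ok; else direct=denied; fi
    if sh "$script" >/dev/null 2>&1; then via_sh=ok; else via_sh=denied; fi
    # Restore directory access so cleanup works, then remove everything.
    chmod 700 "$dir" && rm -rf "$dir"
    printf 'direct=%s sh=%s\n' "$direct" "$via_sh"
}

# Execute bit removed, read bit kept: direct execution is refused, but the
# interpreter only needs to read the file, so "sh myapp" still works.
echo "file 0644, dir 0700: $(probe 644 700)"

# Read bit removed from the file: the interpreter cannot open it at all.
echo "file 0300, dir 0700: $(probe 300 700)"

# Search (execute) bit removed from the folder: nothing inside is reachable,
# whatever the file's own mode is. This is the folder-level gate the answer
# recommends granting to a dedicated group only.
echo "file 0755, dir 0600: $(probe 755 600)"

# Note: root bypasses read and search checks, so run the last two cases as
# an unprivileged user to see "denied".
```

In a real deployment the same gate would be applied with a dedicated group owning the folder and no access for "other"; the group name is a site-specific choice.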
