Home » Infrastructure » Unix » Problem related to file attribute (permissions)
Problem related to file attribute (permissions) [message #231481] Tue, 17 April 2007 04:30 Go to next message
lalit.thawani
Messages: 11
Registered: April 2007
Junior Member
Hi All..!

I have a small problem related to setting of permission of a file. If i set the following permission of a file---> -rwx--x---

using the command chmod 710 <filename>

My requirement (which is a valid one) is that i want the users in the group to execute the file but they should not read or write it.

Now when any other user in the group execute this file, he gets the following--> ksh: ./Top.sh: cannot open
(Top.sh happens to be my file name)

But when i change the permission of the file to -rwxr-x---, then they are able to execute. But my purpose is anyways defeated (as i dont want the group to read that file).

Is there a way out ?
Re: Problem related to file attribute (permissions) [message #232879 is a reply to message #231481] Mon, 23 April 2007 14:48 Go to previous messageGo to next message
andrew again
Messages: 2577
Registered: March 2000
Senior Member
You can consider creating a simple wrapper script to call the real script. Set SUID bit on the wrapper script so that it runs as the owner - not the invoker, and then the permission on the real script to 700.

Set the wrapper script to 4750.

http://www.zzee.com/solutions/unix-permissions.shtml#setuid

These bits may be disallowed on shell shrips in some *nix systems. Works fine on HP-UX under ksh.

[Updated on: Mon, 23 April 2007 14:49]

Report message to a moderator

Re: Problem related to file attribute (permissions) [message #232979 is a reply to message #232879] Tue, 24 April 2007 06:22 Go to previous messageGo to next message
lalit.thawani
Messages: 11
Registered: April 2007
Junior Member
Hi Andrew

Thanks for your effort. I got the concept of SUID.
But it seems that this does not work on HP-UX.
I created a simple wrapper script with permission of 4750 and permission of 700 on the actual script, but of no avail. The k shell throws the following error : cannot execute
I am looking into it ... will keep you posted. Will apreciate if u can test it at your end.

Thanks Again
Re: Problem related to file attribute (permissions) [message #233105 is a reply to message #232979] Tue, 24 April 2007 13:45 Go to previous messageGo to next message
andrew again
Messages: 2577
Registered: March 2000
Senior Member
My HP-UX definitely allows it. Try opening up the permissions until it works to find the issue.

Try 4755

Re: Problem related to file attribute (permissions) [message #233145 is a reply to message #233105] Wed, 25 April 2007 00:34 Go to previous messageGo to next message
lalit.thawani
Messages: 11
Registered: April 2007
Junior Member
Hi Andrew..

I opened up the permissions, still the same problem.
BTW can u tell me the version of your HP-UX.
(Mine is HP-UX release 11i)
Re: Problem related to file attribute (permissions) [message #233369 is a reply to message #233145] Wed, 25 April 2007 18:27 Go to previous messageGo to next message
andrew again
Messages: 2577
Registered: March 2000
Senior Member
I'm on 11i too.
usera>>uname -r
B.11.11

Note - I loose the SUID bits if I vi the file - so need to set them again. Try this:

From USER A:
------------
usera>>cat file1
#!/bin/ksh
file2

usera>>cat file2
#!/bin/ksh
echo this is file2

usera>>chmod 755 file1
usera>>chmod u+s file1 
usera>>chmod g+s file1
usera>>chmod 700 file2
usera>>ll file*       
-rwsr-sr-x   1 usera    useragrp         27 Apr 25 16:12 file1
-rwx------   1 usera    useragrp         30 Apr 25 16:05 file2

files:
total 0

## file1 runs file2 OK from owner
usera>>file1
this is file2


From USER B:
------------
## also fine from other user
userb>>file1
this is file2
## but other user can't exec file2 directly
userb>>file2
ksh: file2: cannot execute
Re: Problem related to file attribute (permissions) [message #233388 is a reply to message #233369] Thu, 26 April 2007 00:21 Go to previous message
lalit.thawani
Messages: 11
Registered: April 2007
Junior Member
Hi Andrew ..
Thanks for the detailed explaination.
I had done the same earlier.
But agian i did precisely as you mentioned

lalit>>ll file1 file2
-rwsr-sr-x 1 lalit ai 6 Apr 26 10:09 file1
-rwx------ 1 lalit ai 21 Apr 26 10:10 file2

lalit>> file1
this is file2

aiops001>> file1
file1: file2: cannot execute

(the user aiops001 and lalit belong to the same group)

Previous Topic: automatic execution upon logging in
Next Topic: Problem related to File handling in Perl
Goto Forum:
  


Current Time: Thu Mar 28 03:48:29 CDT 2024