Allow user to execute a shell script without seeing its contents?
Posted
by
Autopulated
on Super User
See other posts from Super User
or by Autopulated
Published on 2011-02-18T12:15:05Z
Indexed on
2011/02/18
15:27 UTC
Read the original article
Hit count: 345
shell-script
|setuid
I'd like to have an hg hook that sends email using a gmail account. Obviously I don't want anyone to be able read the email-sending script except me or root, since it has a password in, so here's what I've tried:
-rwsr-xr-x 1 james james 58 Feb 18 12:05 incoming.email.sh
-rwx--x--x 1 james james 262 Feb 18 12:04 send-incoming-email.sh
where incoming.email.sh
is the file executed as the hook:
#! /bin/bash
/path/to/send-incoming-email.sh
However, when I try to run as another user I get the error:
/bin/bash: /path/to/send-incoming-email.sh: Permission denied
The send-incoming-email.sh
file works fine when I run as myself.
Is what I'm trying to do possible, or will setuid not propagate to commands executed from a shell script?
System is Ubuntu 10.04.2 LTS.
© Super User or respective owner