Allow user to execute a shell script without seeing its contents?

Posted by Autopulated on Super User See other posts from Super User or by Autopulated
Published on 2011-02-18T12:15:05Z Indexed on 2011/02/18 15:27 UTC
Read the original article Hit count: 345

Filed under:
|

I'd like to have an hg hook that sends email using a gmail account. Obviously I don't want anyone to be able read the email-sending script except me or root, since it has a password in, so here's what I've tried:

-rwsr-xr-x  1 james james   58 Feb 18 12:05 incoming.email.sh
-rwx--x--x  1 james james  262 Feb 18 12:04 send-incoming-email.sh

where incoming.email.sh is the file executed as the hook:

#! /bin/bash
/path/to/send-incoming-email.sh

However, when I try to run as another user I get the error:

/bin/bash: /path/to/send-incoming-email.sh: Permission denied

The send-incoming-email.sh file works fine when I run as myself.

Is what I'm trying to do possible, or will setuid not propagate to commands executed from a shell script?

System is Ubuntu 10.04.2 LTS.

© Super User or respective owner

Related posts about shell-script

Related posts about setuid