Many times you want to allow other Linux users to execute your code but prevent them from reading or writing it. Below we show a Unix trick that keeps a binary file unreadable to other users while still allowing them to execute it, by adding the setuid bit to the file.
Before we begin...
Note that this trick only works with a binary file, not with a script that has to be run by an interpreter. We have already explained how to convert Python code to an executable binary. You can check that guide to convert your code to the corresponding binary executable for the programming language you are using.
- Change the default permission to execute-only for all users except the owner. Here `hello` is the binary file.

    $ cd /my/binaries/
    $ chmod 711 hello
    $ ls -la hello
    -rwx--x--x 1 bob bob 5.5M Apr 30 22:12 hello

- Switch to another user and try executing the file. The user gets a permission-related error.

    $ sudo su - alice
    $ cd /my/binaries/
    $ ./hello
    [31868] Cannot open self /my/binaries/hello or archive

- Make `hello` executable by adding the setuid flag with mode 4711.

    $ chmod 4711 hello
    $ ls -la hello
    -rws--x--x 1 bob bob 5.5M Apr 30 22:12 hello

- Now ask alice to try again.

    $ sudo su - alice
    $ cd /my/binaries/
    $ ./hello
    Hello World

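To check the result of these steps, the following added example (not part of the original guide) classifies each file in a directory by the permission states used above and flags setuid files, because a setuid binary runs with its owner's effective UID (here bob's) for whoever executes it. It assumes `stat -c` from GNU coreutils or BusyBox; the function names `classify` and `audit_dir` are illustrative.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes stat(1) with -c
# (GNU coreutils or BusyBox). Function names are illustrative.

# Print "<class> <octal mode> <owner> <path>" for one file.
# The body runs in a subshell so its variables do not leak.
classify() (
    f=$1
    mode=$(stat -c '%a' -- "$f") || exit 1
    owner=$(stat -c '%U' -- "$f") || exit 1
    bits=$((0$mode))                 # leading 0: parse the mode as octal
    other_r=$((bits & 0004))         # read bit for "others"
    other_x=$((bits & 0001))         # execute bit for "others"
    if [ $((bits & 04000)) -ne 0 ]; then
        # setuid: every caller runs this file with $owner's effective UID
        if [ $((bits & 0022)) -ne 0 ]; then
            class=setuid-writable    # group/others can change code that runs as $owner
        elif [ "$other_r" -eq 0 ] && [ "$other_x" -ne 0 ]; then
            class=setuid-exec-only   # the 4711 state from the steps above
        else
            class=setuid
        fi
    elif [ "$other_r" -ne 0 ]; then
        class=readable
    elif [ "$other_x" -ne 0 ]; then
        class=exec-only              # the 711 state from the steps above
    else
        class=no-access
    fi
    printf '%s %s %s %s\n' "$class" "$mode" "$owner" "$f"
)

# Classify every regular file directly inside a directory.
audit_dir() {
    for f in "$1"/*; do
        if [ -f "$f" ]; then classify "$f"; fi
    done
}

# Usage: sh audit.sh /my/binaries
[ $# -eq 0 ] || audit_dir "$1"
```

A `setuid-writable` line is the one to act on first: anyone who can write the file controls code that runs as its owner.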
Conclusion
Here we learned how to use the setuid flag to allow Alice to execute a non-readable binary file that is owned by Bob.