Suppose I have a Perl (or Python) script that does something highly secretive; I’d only want to allow certain users to actually be able to use the script. Currently, I gain this functionality by maintaining a read-only text file called allowedUsers.txt and checking with the following:
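    use strict;
    use warnings;

    # Name of the invoking user; chomp strips the trailing newline from whoami.
    chomp(my $username = `whoami`);

    # Load the allow-list, one username per line.
    my %allowedUsers;
    open(my $fh, '<', 'allowedUsers.txt') or die "Cannot open allowedUsers.txt: $!\n";
    while (my $line = <$fh>) {
        chomp $line;
        $allowedUsers{$line} = 1;
    }
    close $fh;
    # Refuse to continue unless the user is on the list.
    if (!$allowedUsers{$username}) {
        die "Sorry, user $username does not have access.\n";
    }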
This works just fine, however since the script is necessarily readable (otherwise Perl itself would not be able to execute it), nothing is stopping people from simply making a copy of the script, commenting out this section of code, and then running their “hacked” version to circumvent the identity check!
Is there a better way to achieve the restriction of script execution to a subset of users? For instance, can I have Perl code that is not readable but somehow executable by everyone?
Only allow a certain group of users to read/execute your script, and put the relevant users in this group.
EDIT: more precisely:
trusted_users with your preferred user management tool
chgrp trusted_users my_script.pl
chmod u=rwx,g=rx,o= my_script.pl (the owner may read, write, execute; the group members may read and execute; the others can do nothing)
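One way to verify the result of the chgrp/chmod steps in the answer above, as an added example that is not part of the original answer. It assumes GNU coreutils `stat`; the function name `check_script_perms` is hypothetical.

```shell
#!/bin/sh
# Added example: audit a script locked down with chgrp/chmod as described above.
# Assumption: GNU coreutils stat (the -c option). The file and group names
# are supplied by the caller; nothing here is specific to one system.

# check_script_perms FILE GROUP
# Returns 0 only if FILE belongs to GROUP, "others" have no access at all,
# and group members cannot write to it. Each problem found goes to stderr.
check_script_perms() {
    file=$1
    want_group=$2
    rc=0

    [ -f "$file" ] || { echo "$file: not a regular file" >&2; return 2; }

    group=$(stat -c '%G' "$file")   # group name, e.g. trusted_users
    mode=$(stat -c '%a' "$file")    # octal mode, e.g. 750

    # A leading 0 makes the shell read the mode as octal; mask out the
    # "other" bits (lowest digit) and the "group" bits (next digit).
    other=$(( 0$mode & 07 ))
    grp=$(( (0$mode >> 3) & 07 ))

    if [ "$group" != "$want_group" ]; then
        echo "$file: group is $group, expected $want_group" >&2
        rc=1
    fi
    if [ "$other" -ne 0 ]; then
        echo "$file: others still have access (mode $mode)" >&2
        rc=1
    fi
    if [ $(( grp & 2 )) -ne 0 ]; then
        echo "$file: group members can modify the script (mode $mode)" >&2
        rc=1
    fi
    return $rc
}
```

Run it as `check_script_perms my_script.pl trusted_users` after any change to the file. Group members can still read the script, so this limits who can run or copy it, not what a member does with a copy.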