Hi Everybody,
I have a script that telnet another system. For some reasons, this is should be done by "root", so the root password has been written explicitly in this script, which mean any body read this script will know the root password of the other system. I think the solution is to write another script that can Encrypt & Decrypt the password. But I'm not expert in Shell Programming. Because it is important for me to solve this problem quickly, could any body help me please?
what about giving 'read' and permission only for 'root' user and
remove all permissions for everyone else.
chmod 300 script
Thank you bhargav for your response. Actually the script will be run by another user. Is it possible to change the file's permission to 310? Althought, I prefer to write an encryption script, because I suffered from file's permission story.
Why would this help? If you write a decryption script, someone can read that. Then they can use the decryption technique to decrypt the first script. The only way to avoid that is to let the decryption script prompt for a password to use during the decryption process. But anyone who knows that decryption password can decrypt the first script and get the root password. Another way to get the root password is to break the encryption process. Good encryption is hard to write.
Whoever runs this script is going to have a way to acquire the root password. So just give this person the root password. Do not put the root password in the script. Have the script prompt for it.
In my opinion, if some one can read the script that encrypt the password, doesn't mean he can understand & use the encryption technique. In fact, it is better than getting the password directly from the script. Also I want to clarify when I said �the script will be run by another user�, I mean another OS user.
Finally, I didn't want a perfect encryption script, because whatever the simplicity of this script it is better hardcoded password.
Thank to all for your responses.
I would have to agree with that, better to know who has the root password than provide a backdoor for anyone to get it.
If I understand correctly you want to encrypt the root password of the remote system. Another alternative would be to give an unpriveleged account on the remote system sudo access to run the commands that need to be run and change the script to login as that user.
To make every thing clear, the main script in pseudo code is as follow:
...
telnet("host-name")
login("root","xxx")
...
where xxx is the root password.
I want to replace the above with any solution where I can:
- avoid writing the password explicitly in the script.
OR - protecting the file from all other users without affecting the user account that have the execute permission.