Encrypt Password file and decrypt in a shell script

Hi All,

  1. I have stored Oracle database passwords in a hidden file - .pass_file.
  2. My shell script reads the hidden file, gets the password and then logs in to the Oracle database and runs some SQL script.

My requirement is:

  1. I need to provide the shell script to be executed by someone else. So, I want to encrypt the password file and my shell script should decrypt it.

However, whoever has access to the script should not be able to decrypt it.

Is it possible? If so, how?

TIA,

Regards,

Praveen

Short answer: No. It is not.

Long answer: The script, by definition, would contain complete unambiguous instructions for decrypting the password file, or else the computer couldn't do it. Giving them a safe and a key might as well just be giving them the contents. So that way won't work.

If you don't want someone to read that file, don't let them read it. chown and chmod are secure against non-root users; the computer will tell them 'permission denied' and nothing else. Set up a separate account which you can only get into by sudo for the file, with no access to the file for other users (0600). Then only allow them to sudo to this account in the exact right way. You could set up helper scripts for this purpose.
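
One way to set up the arrangement the answer above describes, as an added example that is not part of the original posts: a helper script run through sudo as the dedicated account, which refuses to use the password file unless it is a regular file with mode 0600 owned by that account. The account orasvc, the group report_users, the paths, the database user report and the alias ORCL are assumptions, and .pass_file is assumed to hold only the password on its first line.

```shell
#!/bin/sh
# Added example. Install as /usr/local/bin/run_report.sh (root-owned, mode 0755).
# Assumed sudoers entry (edit with visudo); the trailing "" forbids arguments:
#   %report_users ALL=(orasvc) NOPASSWD: /usr/local/bin/run_report.sh ""
# Callers then type: sudo -u orasvc /usr/local/bin/run_report.sh

# Succeeds only for a regular file (not a symlink) with mode exactly 0600
# that is owned by the account running this script.
secret_file_ok() {
    [ -n "$(find "$1" -prune -type f -perm 600 -user "$(id -u)" 2>/dev/null)" ]
}

# Prints the first line of the file, or fails without printing the secret.
read_secret() {
    secret_file_ok "$1" || {
        echo "refusing $1: need a regular file, mode 0600, owned by uid $(id -u)" >&2
        return 1
    }
    # read returns non-zero when the last line has no newline; accept it anyway.
    IFS= read -r secret < "$1" || [ -n "$secret" ] || return 1
    printf '%s\n' "$secret"
}

main() {
    pw=$(read_secret /home/orasvc/.pass_file) || exit 1   # assumed path
    # The password goes to sqlplus on stdin, so it never shows up in ps output.
    sqlplus -s /nolog <<EOF
whenever sqlerror exit failure
connect report/"$pw"@ORCL
@/home/orasvc/report.sql
exit
EOF
}

# Run only when installed under the expected name; sourcing or renaming the
# file just defines the functions.
case ${0##*/} in run_report.sh) main ;; esac
```

The callers never need read access to .pass_file themselves; they only need the sudoers rule, and the script fails closed if the file's permissions have drifted.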