Can a script be executable but not readable?
The issue is that the script is not what is running, but the interpreter (bash, perl, python, etc.). And the interpreter needs to read the script. This is different from a "regular" program, like ls, in that the program is loaded directly into the kernel, as the interpreter would be. Since the kernel itself is reading the program file, it doesn't need to worry about read access. The interpreter needs to read the script file, as a normal file would need to be read.
This is possible only for binaries.
$ chown foo:foo bar
$ chmod 701 bar
As the unprivileged user:
$ ls -lha bar
-rwx-----x 1 foo foo 7.0K 2012-03-15 03:06 bar
$ cat bar
cat: bar: Permission denied
$ ./bar
baz
Now, here is the kicker. While the file is unreadable by conventional means, you can't actually prevent reading the file. This is actually a challenge on http://smashthestack.org/ (level 13). There is a well-known utility called hktrace that allows you to read the file using ptrace.
This is not possible, at least on Linux (other Unices might allow it); think about it, when you run the script, the shell needs to read it in order to know what to do.
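Added example, not part of any answer above: an audit helper that flags files whose group or other class has execute permission without read permission, and separates scripts (the interpreter must open them, so they fail for that class) from ELF binaries (the kernel loads them itself). The function name and result labels are made up for this example, and it assumes whoever runs it can read the file (its owner or root).

```shell
#!/bin/sh
# Added example (names and labels are hypothetical, not from the page).
# classify_exec_only FILE [CLASS]   CLASS is "group" or "other" (default other)
# Must be run by someone who can read FILE (its owner or root).
classify_exec_only() {
    f=$1
    class=${2:-other}
    [ -f "$f" ] || { echo "not-a-file"; return 1; }

    # ls permission string, e.g. "-rwx-----x": columns 5-7 group, 8-10 other.
    perms=$(ls -ld "$f" | cut -c1-10)
    case $class in
        group) bits=$(printf '%s' "$perms" | cut -c5-7) ;;
        other) bits=$(printf '%s' "$perms" | cut -c8-10) ;;
        *)     echo "bad-class"; return 1 ;;
    esac

    case $bits in
        r??)     echo "readable-by-$class"; return 0 ;;
        -?[xst]) ;;   # execute (or setgid/sticky+execute) without read
        *)       echo "not-executable-by-$class"; return 0 ;;
    esac

    # First four bytes as hex: "#!" is 23 21, ELF is 7f 45 4c 46.
    magic=$(od -An -tx1 -N4 "$f" | tr -d ' \n')
    case $magic in
        2321*)    echo "script-unrunnable" ;;   # interpreter cannot open it
        7f454c46) echo "binary-exec-only" ;;    # kernel loads it; runs fine
        *)        echo "unknown-exec-only" ;;
    esac
}

# Stand-alone use: sh audit.sh FILE...
for arg in "$@"; do
    printf '%s: %s\n' "$arg" "$(classify_exec_only "$arg")"
done
```

A "script-unrunnable" result means the mode needs the read bit added for that class; "binary-exec-only" matches the chmod 701 case shown in the second answer.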