Changes

Eric Franz · cdf1f31a
--- a/Protecting-Other-Code.md
+++ b/Protecting-Other-Code.md
+Binary
+------
+Set execute only permission. (Look into memory dumping using ptrace)
+
+Script
+-------
+Scripts need read permission so interpreter can read it.
+
+One possibility is using `sudo` referenced from [http://unix.stackexchange.com/questions/16623/file-permission-execute-only/77538#77538](http://unix.stackexchange.com/questions/16623/file-permission-execute-only/77538#77538).
+
+Example script you want to share with a user:
+```
+me@OB1:~/Desktop/script/$ chmod 700 somescript.pl
+me@OB1:~/Desktop/script/$ ls -l somescript.pl
+-rwx------ 1 me me 4519 May 16 10:25 somescript.pl
+```
+
+Make a shell script that calls this script and save it in /bin/
+```
+me@OB1:/bin$ sudo cat somescript.sh
+[sudo] password for me: 
+#!/bin/bash
+sudo -u me /home/me/Desktop/script/somescript.pl $@
+```
+
+Make sure the shell script is readable/executable to the user (no write access):
+```
+sudo chmod 755 /bin/somescript.sh
+me@OB1:/bin$ ls -l somescript.sh
+-rwxr-xr-x 1 root root 184 May 28 18:45 somescript.sh
+```
+
+Make exception in /etc/sudoer by adding these lines:
+```
+# User alias specification
+User_Alias  SCRIPTUSER = me, someusername, anotheruser
+
+# Run script as the user 'me' without asking for password
+SCRIPTUSER ALL = (me) NOPASSWD: /home/me/Desktop/script/somescript.pl
+```
+
+Checking access
+```
+someuser@OB1:~$ somescript.sh
+***You can run me, but can't see my private parts!***
+
+someuser@OB1:~$ cat /home/me/Desktop/script/somescript.pl
+cat: /home/me/Desktop/script/somescript.pl: Permission denied
+```
+
+Notes:
+* This could possibly be implemented with groups instead of individual usernames.
+* Output from script will be owned by "me" and not "someuser".
\ No newline at end of file