1

Is it possible to hide the code of a script shell. I want to write a script in bash(.sh), but I don't want other root user to be able to read the script. I just want other can execute the script but not read the code. Even it the root user open the script, they will see the code but encrypted(not human readable). Is it possible ?

PS : I can give permission --x--x--x, but the root user will always be able to read the code. (by the way , I'm root user, just don't want other root user, see my code)

Thanks

Linus
  • 95
  • 1
  • 9
  • The issue you have is that any measure you set as a root user can be overridden by anyone else with root permissions. This is why the root account shouldn't be typically used apart from extreme use cases. – Raman Sailopal Feb 12 '21 at 13:27
  • Note that you *can't* remove read permission from a shell script -- this would not allow the script to be executed by users. [Read permission is needed](https://unix.stackexchange.com/questions/34202/can-a-script-be-executable-but-not-readable). – costaparas Feb 12 '21 at 13:44
  • You say "_encrypted_" but for that to work either the users allowed to use the script need a decryption key - or the decryption key is embedded into the program and then anyone with time on their hands will be able to figure out how to read the code in whatever format it is. Even if it's in pure assembly. Would you be content with obfuscation instead? – Ted Lyngmo Feb 12 '21 at 13:56
  • could be an option, I can give the key to the user to run the script, or put the key in another script that run the script. the key ? does it means that who as the key can also read the script or it can be used only for executing the script ? – Linus Feb 12 '21 at 14:31
  • Unless a third party is involved I don't see how you could supply the user of the script a decryption key that lets him/her execute the script without the user also being able to read that what is being executed if they are serious about it. There's something inherently wrong with the situation though. Two `root` users on the same system and one wants people to execute stuff without sharing the code. If I were the other `root` guy, I wouldn't trust you if you tried pulling stunts like that on me and I would work on having your `root` privs revoked. – Ted Lyngmo Feb 12 '21 at 14:47
  • sure, but the situation is "special". I'm asking that because I recalled using Oracle, some code where crypted, you were able to execute the store procedure for example but once you open it, it was not "human readable" – Linus Feb 12 '21 at 15:02

1 Answers1

0

you can do this with shc (generic shell script compiler)

shc -f you_shell_script.sh
./your_shell_script.sh.x
Derviş Kayımbaşıoğlu
  • 28,492
  • 4
  • 50
  • 72
  • 1
    Sounds like a pretty simple obfuscation method. I don't understand the downvote. I just tested it with a simple `#/bin/bash` `echo "Hello world"` script and ran `strings` on the result and `grep Hello` and it couldn't even find that text... :-) – Ted Lyngmo Feb 12 '21 at 13:39
  • Note that `shc` will *encode* the shell script and embed it into a C program. You then run the compiled C program, which decodes & runs the shell script as usual. It is not an *encryption*, and a user running it can easily recover the decoded shell script. – costaparas Feb 12 '21 at 13:46
  • @costaparas I'm pretty sure that OP means _obfuscation_ rather than _encryption_. I asked about it under the question just now. – Ted Lyngmo Feb 12 '21 at 13:57
  • 1
    @ted quite possibly, and I assume so as well. Here, I'm just clarifying what this answer actually does, in case someone thinks it does "encryption", which is doesn't. – costaparas Feb 12 '21 at 14:04
  • 1
    I also didn't downvote this, but I suspect its the same person who downvoted the question & voted to close the question since it apparently belongs on Super User (I'm impartial on this point, it can go on either site imo). – costaparas Feb 12 '21 at 14:06
  • 1
    So the command shc -f will not encrypt the script. If someone has the script,it can easily find out how to read the code behind the script – Linus Feb 12 '21 at 14:16
  • @Linus They will just have to apply the same algorithm that is used within `shc` to "unobfuscate" it. – Ted Lyngmo Feb 12 '21 at 14:49
  • Its actually quite trivial to recover the original source. There are several ways of doing it, as explained in [this post](https://stackoverflow.com/questions/3408373/retrieve-plain-text-script-from-compiled-bash-script). I have done so previously using the accepted answer of that question, not sure how reliable the other methods are. – costaparas Feb 13 '21 at 11:06