In short my jenkins on a slave machine can execute a program like for example ionic from the execute shell segment, although when I start it by executing a shell script .sh file then it says the command doesn't exist. Is that permissions related? How to set that up? Do I need to exclude that application using visudo?
You need to set the permission of the .sh file to be executable,
which can be done with
chmod +x filename
. You need root privilege if you are not the owner of the file.
See https://wiki.archlinux.org/index.php/File_permissions_and_attributes to understand permissions.
Related
I have a shell script on /usr/bin/myapp and another 12 set of scripts on a diff folder (say /opt/myapp). I want a solution that only scripts from /opt/myapp can use or execute script in /usr/bin/myapp. This is to secure the script on /usr/bin/myapp and noone else except /opt/myapp should use it.
Any other solution is also accepted. Thanks in advance
The standard way is to grant "execute" permissions on the folder (or "read" and "execute" permissions on the scripts) only for a special group.
(Note that restricting "execute" permissions for the script alone is not enough, since read permissions are enough to execute a script with e.g. sh /path/to/script.)
Then you can grant the group permissions to the other scripts for instance via sudo (using some shell wrappers) or by writing your own binary wrappers.
Say I have a programme that's run from a shell script:
cd /path/to/file/
./programme
How would I bind that to a single command so I only have to type one thing? ie for most installed programmes I can just type the name of the programme and it's running
programme
you must add your script path in $PATH variable in ~/.bashrc file ,like this:
export PATH=$PATH:/path/to/file
or put your script in linux binary directory like /usr/local/bin , /usr/bin
For this you need to create a script with a name and give execute permission to it. Then Copy that script to /usr/bin directory . Now you can run your scrpt as a command in terminal. For details please refer the link https://devopsmanual.in/2018/04/17/create-our-own-script-in-linux/
I'm trying to create a shell script that can only be read/written by root but can be executed by everyone. I created a file test.sh, set ownership to "chown root:me test.sh" and set permissions to "chmod 711 test.sh", hoping this would do the trick. However, this results in a file that always needs sudo in order to execute. Is it possible to edit the rights such that anyone (without using sudo) can execute the script, but only root (using sudo) can read/write the file?
this is not possible to be achieved, at least with shell scripts.
In fact, at the moment of the execution, the shell program (I presume Bash) needs to read the content of the shell file and the process runs with your user name and permissions.
Having said this, the BASH program (ZSH, SH or any other shell follow the same rules) needs to be able to read the content of the file and this can be achieved only by granting read privileges +r. So, the bare minimum would be a 755 permission model.
An alternative is to run an actual program which does the job and wouldn't require read permission in order to be executed. But this is a totally different pattern.
This response explains it as well.
https://unix.stackexchange.com/questions/34202/can-a-script-be-executable-but-not-readable
I want to execute a file in bash without the .sh extension.
Example: I have file "abc.sh" which I can execute directly (as I have added #!/bin/bash as the first line) but I want the filename to be just "abc"
If the file is already executable as abc.sh, then all you need to do is
mv abc.sh abc
(assuming you are in the directory where the file lives)
In a Linux or Unix shell, file extension doesn't affect whether it will execute or not.
In Linux you use ./filename too run a script. And you need execute permission:
chmod 755 filename
But you still need the "Shebang":
#!/bin/bash
From here I got this:
If you did not put the scripts directory in your PATH, and . (the
current directory) is not in the PATH either, you can activate the
script like this:
./script_name.sh
A script can also explicitly be executed by a given shell, but
generally we only do this if we want to obtain special behavior, such
as checking if the script works with another shell or printing traces
for debugging:
rbash script_name.sh
sh script_name.sh
bash -x script_name.sh
What are the permissions on the file? To make it executable with doing something like ./abc.sh it needs to have EXECUTABLE rights.
You can always do bash abc.sh
Linux permissions overview
Filename in Linux doesn't mean anything in terms of execution capabilities, you can call the file myfile.something.something and it can still be executable. You can name it abc but it has to have EXECUTABLE rights for the user,group,other.
To add that permission you can do chmod +x <filename> but you should look at the link above for a better understanding.
I need to run a Make script that invokes a shell script.
I can run the shell script directly as root but when running make on the makefile (still as root) make is denied permission to run the same shell script?
The offending line in the Makefile is that one:
PLATFORM=$(shell $(ROOT)/systype.sh)
I could go in and hardcode the value of every PLATFORM variable of every Makefile scrip on the system but that would be pointless fix, I'd like to understand why there is that Permission Denied error:
make[1]: execvp: ../systype.sh: Permission denied
PS: The content of the shell script is not the issue even if the shell script only contain ls or echo linux the Permission is Denied to the Make utility to run the shell script.
PS: I am not a make expert by an mean so if the explanation is related to Make please be as specific as you can.
In your comments above you say when you "run it manually" you use . scriptname.sh, is that correct? You use . followed by scriptname.sh?
That does not run the script, that sources the script. Your statement that scriptname.sh will execute with and without the x permission since it is a shell script is wrong. You can source the script if you have read permissions. But you cannot execute the script unless you have execute permissions.
"Sourcing" means that a new shell is not started: instead your current shell (where you type that command) reads the contents of the script and runs them just as if you'd typed them in by hand, in the current shell. At the end all the side-effects (directory changes, variable assignments, etc.) that were performed in that script are still available in your current script.
"Executing" means that the script is treated like a program, but the program is a new shell that's started, which then reads the contents of the script and executes it. Once the script ends the shell exits and all side-effects are lost.
The $(shell ...) function in make will not source your script (unless you also use . there, which you did not). It will try to run your script. The error you show implies that either systype.sh did not have the execution bit set, or else that it had an invalid #! line. There's no other explanation I can think of.
If sourcing the file really does what you want then why not just use the same method in $(shell ...) that you use in your own personal use:
PLATFORM=$(shell . $(ROOT)/systype.sh)
If changing the user permission didn't work, are you sure that whatever user owns the script is the same user you're using to invoke make? You say you're "running as root"; is the script owned by root? Or is it owned by you and you're running sudo make or similar?
I don't know why you don't just use:
chmod +x systype.sh
and call it a day.
Adding execution permission to the file Group rather that the file User fixed the issue.
PS: I wonder why? It seems the Make utility run shell scripts not with the same user that started Make...