------------------------------------------------------------------------------- >On SunOS 4.2 you can create a new (not used for anything else) group and >make the shell script setgid to that group (it must be a #! type shell >script). Then make its permissions be 2751. This works quite well for us. Our sh groks #!/bin/sh, I haven't tried it on a system that doesn't. We created several shell "wrappers" for system utilities, to generate some usage statistics. The actual binary was moved and group protected, and was replaced by a shell script. For instance, ps was moved to someplace like /usr/utils/ps, chgrp'd to utils, and given perms of 710 (-rwx--x---). It was replaced by a /bin/ps shell script with ownership and perms of root/utils/2751 (-rwxr-s--x). The shell script writes the user id and date into a log file, and then executes the real ps binary. We use the same trick for other shell scripts that we don't want Joe User reading. On systems that don't grok #!/bin/sh, you could probably use a sgid "startup" script, that then fires off the actual script that you don't want readable. Bob Johnson, Control Data Corp (contractor to...) Tinker Air Force Base, Oklahoma ------- Note that making a shell script unreadable does not make it secure. Shell Shock and exported functions make shell scripts in a un-sanitized environment insecure. -------------------------------------------------------------------------------