Is there any way to manually add a "package" (e.g. Python) to a group?

Answer: 1

14 hours ago

I've made a Python script that basically holds the account information for a special account I use on Reddit. All's fine and dandy, until I realized that, even though the folder is hidden, users etc. can still technically see and get to the directory if they go there manually or something along the lines of it (e.g. viewing the files I used for the script in plain text by doing gedit /path/to/.hidden).

I tried getting around this by simply making root the primary owner and the only one who can view that specific folder, emphasized so that people don't think I locked myself out of main home folders, but the issue now is that Python can't view the files needed because it has no read access.

Would there be any possible way to add Python to its own group, similarly to what VirtualBox does automatically when you set it up (e.g. so I can do something along the lines of sudo chown python:python /path/to/files)? If not, are there any alternatives to prevent snooping, but to still allow Python to view and read the files?

I'm using Ubuntu 18.04 (and if it helps any, I've installed and have mainly been using the MATE desktop environment).

Added by: Dr. Eva Mayert DVM

Answer: 2

14 hours ago

You can make a new user, give it ownership of the script, and disable all other users' access to the script (0700 permissions).

To run the script, use the sudo command as follows, so that you have to type the password every time, which adds a bit of security.

sudo -u newuser python /path/to/.hidden

Update: To hide newuser from the login page, give it a UID below 1000 and set its shell to /bin/false so that login is not allowed anyway, but it is still possible to sudo as this user.

Added by: Bailee Kutch
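
An added example, not part of the answer above: a startup check the script itself could run so that it refuses to load the account details unless the folder and file are owner-only, in line with the 0700 permissions suggested. The function names and the credentials.txt file name are hypothetical, and the sample data is constructed.

```python
import os
import stat
import tempfile

# Hypothetical helper names and file name; only the 0700 idea comes from the answer.
def audit_secret_path(path, expected_uid=None):
    """Return a list of problems that would let other local users read `path`."""
    expected_uid = os.geteuid() if expected_uid is None else expected_uid
    problems = []
    st = os.lstat(path)  # lstat: inspect the path itself, never a symlink target
    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: is a symlink"]
    if st.st_uid != expected_uid:
        problems.append(f"{path}: owned by uid {st.st_uid}, expected {expected_uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"{path}: mode {stat.S_IMODE(st.st_mode):04o} allows group/other")
    return problems

def load_credentials(secret_dir, filename="credentials.txt"):
    """Read the credentials file only if the directory and file are owner-only."""
    secret_file = os.path.join(secret_dir, filename)
    problems = audit_secret_path(secret_dir) + audit_secret_path(secret_file)
    if problems:
        raise PermissionError("; ".join(problems))
    with open(secret_file, encoding="utf-8") as fh:
        return fh.read().strip()

def demo():
    """Constructed sample: a world-readable layout is refused, 0700/0600 is accepted."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        secret_dir = os.path.join(tmp, ".hidden")
        os.mkdir(secret_dir)
        secret_file = os.path.join(secret_dir, "credentials.txt")
        with open(secret_file, "w", encoding="utf-8") as fh:
            fh.write("constructed-sample-token\n")
        os.chmod(secret_dir, 0o755)   # weak: any user can enter and list the folder
        os.chmod(secret_file, 0o644)  # weak: any user can read the file
        try:
            load_credentials(secret_dir)
            results["weak"] = "loaded"
        except PermissionError:
            results["weak"] = "refused"
        os.chmod(secret_dir, 0o700)   # owner-only directory, as in the answer
        os.chmod(secret_file, 0o600)  # owner-only file
        results["strict"] = load_credentials(secret_dir)
    return results

if __name__ == "__main__":
    print(demo())
```

The check only catches loose permissions; anyone able to run the script as the owning user can still read the file.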

Answer: 3

23 hours ago

No, fundamentally not. You want the user to be able to read the file, via the python command, but not check the content of the file.

First of all, from a technical perspective, it could be possible if you make python a setuid binary (Note: don't do this; this will probably break other parts of your system). But Python is not made for that.

I can start python with python -i script:

-i        When  a  script  is passed as first argument or the -c option is
          used, enter interactive mode after executing the script  or  the
          command.  It does not read the $PYTHONSTARTUP file.  This can be
          useful to inspect global variables  or  a  stack  trace  when  a
          script raises an exception.

This basically means that I can access all variables and methods in your script freely. I can modify the behavior of the script. If it logs into Reddit, I can acquire the authentication tokens, and sign in using a browser. It would probably be possible to retrieve the password as well.

I could even write a small Python script that reads your script, line by line, and prints it back to me. Python cannot be made safe for setuid, because it's a full-featured programming language. If you allow python to read the file, you allow any user that can run python to read the file.

The problem is fundamentally that you are trying to hide the information from the user. However, to perform the intended function, the user requires this information. That's an unsolvable problem.

Added by: Ms. Zaria Smith
