Interpreted languages and shells (PHP, Python, Ruby, Perl, Bash, ZSH
etc..) all require read access to the script they are running, so they
can actually 'read' the commands they need to interpret. By default,
the ruby interpreter runs with the privileges of the user who executed
it. A possibility, although I have not tried it myself, would be to
setuid the ruby executable so that the interpreter always runs with
permission to read the script, even if the user does not have those
permissions.

Only complied binary's can have only the executable bit set without
the read bit set, so another option you have, would be to put the ruby
file into a C char* and execute it using something like system("ruby
-e 'ruby_code'"). Of course you'd need to make sure strings are
properly escaped, and this might be too much work if the script is
constantly changing.

Other than that, I can't think of any other ways around the problem. I
could be wrong though, and if anything I've said above is incorrect
I'm happy to be corrected.

I hope I've helped you in someway.

Christian

On 10/7/07, |MKSM| <mksm.sama / gmail.com> wrote:
> Hello.
>
> I have written an app in Ruby for my company and I was the only one
> that had acess to read/execute it. I've hired someone to help me with
> daily work and that includes having him execute a set of those Ruby
> scripts.
>
> Is it possible to allow him to only execute the code and not give read
> permission? All boxes are running Linux.
>
> Regards,
>
> Ricardo Amorim
> mapaBRASIL.net
>
>



-- 

"Every child has many wishes. Some include a wallet, two chicks and a
cigar, but that's another story."