I should also mention, that using setuid on the ruby executable could
open up security issues on the systems where you use this method, and
the script would need to be executed explicitly using 'ruby
some_script' as the users shell will not have read access to the
script to read any #!/usr/bin/ruby lines at the start of the script to
find which interpreter to use if executed using ./some_script.

On 10/7/07, Christian <chippersbox / gmail.com> wrote:
> Interpreted languages and shells (PHP, Python, Ruby, Perl, Bash, ZSH
> etc..) all require read access to the script they are running, so they
> can actually 'read' the commands they need to interpret. By default,
> the ruby interpreter runs with the privileges of the user who executed
> it. A possibility, although I have not tried it myself, would be to
> setuid the ruby executable so that the interpreter always runs with
> permission to read the script, even if the user does not have those
> permissions.
>
> Only complied binary's can have only the executable bit set without
> the read bit set, so another option you have, would be to put the ruby
> file into a C char* and execute it using something like system("ruby
> -e 'ruby_code'"). Of course you'd need to make sure strings are
> properly escaped, and this might be too much work if the script is
> constantly changing.
>
> Other than that, I can't think of any other ways around the problem. I
> could be wrong though, and if anything I've said above is incorrect
> I'm happy to be corrected.
>
> I hope I've helped you in someway.
>
> Christian
>
> On 10/7/07, |MKSM| <mksm.sama / gmail.com> wrote:
> > Hello.
> >
> > I have written an app in Ruby for my company and I was the only one
> > that had acess to read/execute it. I've hired someone to help me with
> > daily work and that includes having him execute a set of those Ruby
> > scripts.
> >
> > Is it possible to allow him to only execute the code and not give read
> > permission? All boxes are running Linux.
> >
> > Regards,
> >
> > Ricardo Amorim
> > mapaBRASIL.net
> >
> >
>
>
>
> --
>
> "Every child has many wishes. Some include a wallet, two chicks and a
> cigar, but that's another story."
>


-- 

"Every child has many wishes. Some include a wallet, two chicks and a
cigar, but that's another story."