How to make a script executable but unreadable 

prelude, minimum requirement for script 

> What is the minimum mode requirement for my script file for other users to use?

444 is the minimum if you can invoke the interpreter directly.
555 is the minimum if you want to run it by shebang line magic.
755 is used most often though.

> Why is 711 not OK? Doesn't "-x" mean being able to run?

"scripts" are not executable programs.

They are the _input_ to an executable program (the interpreter).

The interpreter must be able to read the script if it is to interpret it…

Tad McClellan

prelude, minimum requirement for script 

No, that only works for binary executables. When you run a script, it's equivalent to running the interpreter with the script as a filename parameter, and the interpreter has to be able to read the file.

Barry Margolin

documented on: 1999.09.02 Thu 15:26:49
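
The rule from the two replies above, as an added example that is not part of the original posts: it reads a file's mode bits and reports, for owner, group and other, whether a script can be run through its shebang line, only by naming the interpreter, or not at all. The function names are hypothetical, and GNU stat (`stat -c %a`) is assumed.

```shell
#!/bin/sh
# Added example (not from the original posts). Assumes GNU stat and a caller
# who can read FILE; all function names are hypothetical.

# class_access DIGIT KIND: how a class with octal permission DIGIT can run a file.
# Scripts need r for "interpreter FILE" and r+x for the shebang; binaries need only x.
class_access() {
    r=$(( ($1 >> 2) & 1 )); x=$(( $1 & 1 ))
    if [ "$2" = binary ]; then
        if [ "$x" -eq 1 ]; then echo exec; else echo none; fi
    elif [ "$r" -eq 1 ] && [ "$x" -eq 1 ]; then echo shebang
    elif [ "$r" -eq 1 ]; then echo interpreter
    else echo none
    fi
}

# audit_file FILE: print "MODE KIND owner=... group=... other=...".
# Simplification: anything not starting with "#!" is treated as a binary.
audit_file() {
    mode=$(stat -c %a -- "$1") || return 1
    perms=$(printf '%s' "000$mode" | tail -c 3)   # drop the setuid/setgid/sticky digit
    if [ "$(head -c 2 -- "$1" 2>/dev/null)" = "#!" ]; then kind=script; else kind=binary; fi
    u=${perms%??}; o=${perms#??}; g=${perms#?}; g=${g%?}
    echo "$mode $kind owner=$(class_access "$u" "$kind")" \
         "group=$(class_access "$g" "$kind") other=$(class_access "$o" "$kind")"
}

# audit_mode MODE: constructed sample, a two-line script chmod'ed to MODE.
audit_mode() {
    tmp=$(mktemp) || return 1
    printf '#!/bin/sh\necho hello\n' > "$tmp"
    chmod "$1" "$tmp"
    audit_file "$tmp"
    rm -f "$tmp"
}

# Walk the modes discussed in the posts.
for m in 444 555 711 750 755; do audit_mode "$m"; done
```

For 711 the group and other columns read `none`: the execute bit is set, but the interpreter cannot read the file.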

Make a script executable but unreadable 

From the Expect manpage:

It is often useful to store passwords (or other private information) in Expect scripts. This is not recommended since anything that is stored on a computer is susceptible to being accessed by anyone. Thus, interactively prompting for passwords from a script is a smarter idea than embedding them literally. Nonetheless, sometimes such embedding is the only possibility.

Unfortunately, the UNIX file system has no direct way of creating scripts which are executable but unreadable. Systems which support setgid shell scripts may indirectly simulate this as follows:

Create the Expect script (that contains the secret data) as usual. Make its permissions be 750 (-rwxr-x---) and owned by a trusted group, i.e., a group which is allowed to read it. If necessary, create a new group for this purpose. Next, create a /bin/sh script with permissions 2751 (-rwxr-s--x) owned by the same group as before.

The result is a script which may be executed (and read) by anyone. When invoked, it runs the Expect script.

documented on: 2003.12.18 Thu