Best practices for holding passwords in shell / Perl scripts?

Question

I\'ve recently had to dust off my Perl and shell script skills to help out some colleagues. The colleagues in question have been tasked with providing some reports from an inter

Answer 1

Since you've tagged ksh & bash I'm going to assume Linux.

Most of the problem is that if the user can read the script and locate the method you used to hide / encrypt the file then they will also be able to do the same thing manually.

A better way may be do the following:

1. Make your script so it can only be seen/read/opened by you. chmod 700 it. Hardcode passwords away.
2. Have a "launcher" script that is executable by the user and does a sudo .

This way the user can see your launcher script, examine it to see it only has the single command line. They can run it and it works, but they don't have permissions to read the source for the script that is sudo'd.