Where should I store my bash scripts?

Konstantin_hu · 2013-06-12 06:12:10

Hi!

In which directory should I store securely my own bash (and Ruby, Python) scripts? Some of them contain passwords too, for example which uploads files to an FTP server. Is it secure to store them in /usr/local/bin? What chmod setting should I apply on them? 755?

cookies · 2013-06-12 06:47:24

I added ~/bin to my path and put my scripts there. As long as you are the only one using those scripts you should be fine with ~/bin. If other users need to use some of those scripts, too, /usr/local/bin might be a better location those.

Konstantin_hu wrote:

Some of them contain passwords too, for example which uploads files to an FTP server. Is it secure to store them in /usr/local/bin? What chmod setting should I apply on them? 755?

Setting permissions to 755 makes the files world-readable, which is a very bad idea in that case, http://www.tuxfiles.org/linuxhelp/filepermissions.html

karol · 2013-06-12 07:58:23

I think the most often location I came across are

export PATH="$PATH:/usr/local/bin/"

or

export PATH="${PATH}:${HOME}/bin"

SanskritFritz · 2013-06-12 08:42:46

Scripts like yours should be encrypted because if your computer gets stolen, all data on the harddisk will be accessible regardless of permissions. I recommend to encypt the ~/bin directory with encfs. Of course that means you will have to enter the password at every boot (or login for that matter).

cfr · 2013-06-12 23:22:40

Putting passwords in scripts in clear text strikes me as a bad idea even if you do encrypt your disk or include them in an encrypted container. But perhaps my feeling that this is opening security holes is merely a feeling...

Of course, it depends on what the passwords are for. There are things I have passwords for where it wouldn't bother me but those are passwords I'm not worried about being exposed.

WonderWoofy · 2013-06-12 23:26:16

karol wrote:

I think the most often location I came across are
export PATH="$PATH:/usr/local/bin/"
or
export PATH="${PATH}:${HOME}/bin"

@karol, this will effectively make your PATH="/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/local/bin" as the /usr/local directory is already set up to override anything in /usr/bin anyway.

% grep PATH /etc/profile
PATH="/usr/local/sbin:/usr/local/bin:/usr/bin"

progandy · 2013-06-12 23:36:46

If you need to store the password relatively secure, do this:
- data file in encrypted partition to store password. (only root has read access)
- wrapper executable using suid (only root can modify it)
- shellscript (only root can modify it)
> wrapper runs as root, opens data file, drops privileges, executes hardcoded bash script, script reads file.

karol · 2013-06-12 23:38:52

WonderWoofy wrote:

karol wrote:
I think the most often location I came across are
export PATH="$PATH:/usr/local/bin/"
or
export PATH="${PATH}:${HOME}/bin"
@karol, this will effectively make your PATH="/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/local/bin" as the /usr/local directory is already set up to override anything in /usr/bin anyway.
% grep PATH /etc/profile
PATH="/usr/local/sbin:/usr/local/bin:/usr/bin"

Good point. I was looking over some old notes when this thread came up and it didn't occur to me check the facts first.
Typically me ;P

firecat53 · 2013-06-12 23:51:13

I believe the XDG spec (and Python PEP 370, if you care) also allow use of directories under ~/.local/{bin, lib, var, share} . This is what I prefer, as it keeps my $HOME a little cleaner.

Scott

Trilby · 2013-06-13 00:30:09

I used to have a ~/bin, but after a while most of the items in it had spent their early days in ~/code, so eventually I moved ~/bin to ~/code/bin and added only the last one to my path. I have several small tools there that I've just never bothered to make PKGBUILDS for.

ayekat · 2013-06-30 22:08:49

firecat53 wrote:

I believe the XDG spec (and Python PEP 370, if you care) also allow use of directories under ~/.local/{bin, lib, var, share} . This is what I prefer, as it keeps my $HOME a little cleaner.

I didn't know that this was specified by XDG (thanks!). But anyway, I also keep my scripts in ~/.local/bin, as it doesn't clutter up my home folder.
For passwords... I usually try to avoid passwords in files, and otherwise they are at least never too critical (lastfm account password in mpdscribble config, for example). I just try to be careful with permissions.

Roken · 2013-06-30 22:13:32

I use ~/scripts and have it added to my path. That way, I can never confuse my own scripts with installed programs. I guess I could use /opt/scripts or something similar to stay closer to the definition, but it wouldn't change things, and keeping them in ~/ means I can edit without root.

Arch Linux

#1 2013-06-12 06:12:10

Where should I store my bash scripts?

#2 2013-06-12 06:47:24

Re: Where should I store my bash scripts?

#3 2013-06-12 07:58:23

Re: Where should I store my bash scripts?

#4 2013-06-12 08:42:46

Re: Where should I store my bash scripts?

#5 2013-06-12 23:22:40

Re: Where should I store my bash scripts?

#6 2013-06-12 23:26:16

Re: Where should I store my bash scripts?

#7 2013-06-12 23:36:46

Re: Where should I store my bash scripts?

#8 2013-06-12 23:38:52

Re: Where should I store my bash scripts?

#9 2013-06-12 23:51:13

Re: Where should I store my bash scripts?

#10 2013-06-13 00:30:09

Re: Where should I store my bash scripts?

#11 2013-06-30 22:08:49

Re: Where should I store my bash scripts?

#12 2013-06-30 22:13:32

Re: Where should I store my bash scripts?

Board footer