  • +1. You've written about 90% of the answer that I would have. The main thing to add is that instead of allowing the user to run anything as the uid that can read the encryption-key file, sudo could be configured to allow the user to only run one script as that uid, and that script could perform various checks, e.g. to ensure that its parent process was some other specific script before reading and using the key file. Commented May 30 at 12:33
  • I.e., write two scripts, with one script doing most of the work as the user, and using sudo to run the second script. Apart from performing various checks, the second script should do only the bare minimum required to access and use the key file. Preferably, it should not take arguments or use any variables from the environment (e.g. don't rely even on $PATH; use hard-coded executable paths). It should not ever, under any circumstances, pass the crypto key to the user or any of their processes. It should use the key and discard it immediately. Commented May 30 at 12:35
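The privileged second script of the two-script pattern sketched in the comments above, as an added example that is not the commenters' code: it refuses arguments, hard-codes its PATH, checks which script called it, and hands the key to a consumer on stdin without ever holding it itself. The sudoers rule, the user alice, the uid keyowner and every path are assumptions.

```sh
#!/bin/sh
# Privileged second script of the two-script pattern (added example; not from the
# thread). Installed as /usr/local/libexec/use-key.sh and allowed via a sudoers
# rule such as the following, where alice, keyowner and every path are hypothetical:
#
#   alice ALL=(keyowner) NOPASSWD: /usr/local/libexec/use-key.sh ""
#
# The trailing "" makes sudo reject any command-line arguments to the script.
set -eu
PATH=/usr/bin:/bin; export PATH           # hard-coded; never trust the caller's PATH
KEY_FILE=/etc/backup/secret.key           # readable only by keyowner (hypothetical)
PARENT_SCRIPT=/usr/local/bin/backup.sh    # the unprivileged front-end (hypothetical)
CONSUMER=/usr/bin/backup-tool             # hypothetical tool reading the key on stdin

no_args() { [ "$#" -eq 0 ]; }             # nothing here is the caller's to choose

# n-th argv word (1-based) of process $1, or empty if /proc is unavailable.
argv_of() { [ -r "/proc/$1/cmdline" ] && tr '\000' '\n' < "/proc/$1/cmdline" | sed -n "${2}p"; }

# Parent pid of process $1 from /proc/$1/stat (the comm field may contain spaces).
ppid_of() { sed 's/^.*) //' "/proc/$1/stat" | cut -d' ' -f2; }

# Is process $2 running the script $1?  A script's argv is "/bin/sh /path/script",
# so argv[1] names the script. Fails closed when /proc is missing or the pid is gone.
parent_is() { [ "$(argv_of "$2" 2)" = "$1" ]; }

# Feed the key file to the consumer on stdin. The key never enters a shell variable,
# an argument, or this script's output; only the consumer's result is returned.
use_key_once() {
    consumer=$1; keyfile=$2
    [ -f "$keyfile" ] || return 1
    "$consumer" < "$keyfile"
}

main() {
    no_args "$@" || { echo "use-key: arguments are not accepted" >&2; exit 1; }
    caller=$PPID
    # Under sudo the immediate parent is sudo itself, so look one level further up.
    case "$(argv_of "$caller" 1)" in sudo|*/sudo) caller=$(ppid_of "$caller") ;; esac
    parent_is "$PARENT_SCRIPT" "$caller" || { echo "use-key: unexpected caller" >&2; exit 1; }
    use_key_once "$CONSUMER" "$KEY_FILE"
}

# Only act when run under the installed name, so sourcing the file does nothing.
case "$0" in */use-key.sh) main "$@" ;; esac
```

The parent check is a tripwire rather than a boundary, since a caller controls its own command line; the protections that actually hold are the sudoers restriction to this one argument-less script and the fact that the key only ever flows from the file to the consumer.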