Code obfuscation is just a layer of false sense of security. You could learn and write the code in a c or c++ language that is compiled. Plus, if you can deobfuscate it, then probably someone else will.
Nevertheless, some obfuscation scripts are mentioned here:
On the other hand, you could set up the script permissions so that it cannot be read by other users except for the root (or setup the sudoers file and configure it with sudo).
First, regarding the dot in
./script.sh, this indicates that script.sh can be found in the working directory, it means something like "look for script.sh here, in this directory". This is known as dot slash, and it is well explained here.
I see three options:
If you intend to restrict the file to only run if it is in the user's current working directory when he runs your Python script, then use the dot slash. However, this doesn't seem like the best idea: it will lead to exceptions most of the time.
If you intend to restrict your shell script to run only if it is in the same directory as your Python script, then you would need to find out your Python script's directory and prefix it to the name of your script.
If you intend to place your shell script elsewhere in your PATH, don't use the dot slash.
Now, sending "bash" as an argument to the Popen constructor seems more like a matter of preference. If you don't want to send it as an argument, then you will need to add a shebang to the shell script, e.g.
#!/bin/bash, and you will need to add execute permissions to it. These are perfectly acceptable things to do.
One benefit of doing it this way is if later one changes the shell interpreter, it won't be necessary to modify every single call to that script in who knows how many Python scripts.
And one can just call the script like:
cmd = subprocess.call('script.sh')
cmd = subprocess.call(sdir + 'script.sh')
# Where sdir stands for the script's directory,
# which you would need to find before, as in option #2.
Even if your script runs without a shebang normally (in which case it almost certainly gets executed by dash and not by bash on Debian based distros), when calling it from python like this, it will fail and raise an OSError exception with errno 8 (errno.ENOEXEC).
If it's really necessary, use Popen.
I save my own scripts in
If your script should executeable by every system user, you can create a symbolic link to
If only root should execute the script, you can create a symbolic link to
Command to add a symbolic link in
You can execute the script, because
/usr/bin/is in your PATH by default.