Access permission to execute a script

Question

I understand that three types of permissions to a file (read, write, execute) can be set independently, hence there are eight possibilities per file per user (superuser, group, normal user). Based on this fact, I had believed that a superuser can set a certain script file (in my case, a Ruby file) to be executable but not read/writable to a normal user. But in the context of this question, Wayne Conrad and Linuxios noted me that a script cannot be run by a user who does not have read permission to that file.

1. Why is this the case? If a user needs read permission in order to execute it, then why is it possible to set the three permission types independently? Particularly, what does it mean to set a script file permission to executable but not readable?

2. Is there some way (hackish, it may be) to make a script file runnable but not readable from a certain user?

Answer 1

In the case of script files (python, perl, ruby, shell, etc.), the file itself is not "executed" in the usual sense. Instead, the user's shell opens the file as if to fork/exec it, spots the shebang and then arranges to have the requested interpreter started, and passes the rest of the file to it. If the user doesn't have read permission on the file, then clearly the user's shell can't read it, and this setup fails.

This isn't the case with binary commands, which can indeed be set with no read permission, and will still work.