So, I want to allow some user to execute ifconfig. I'd created a special group "if" and done user to own this group. And now I'm going to do "chown root:if ifconfig".
But I think: What wrong thing can happen when i change group from root to if? Is there a software which uses ifconfig, running from non-root, but in root group?
Any user can execute ifconfig. The problem is that usually you want ifconfig to be executed with root permissions, so that you can temporarily change your system configuration. Changing the group of the binary (and having to play with setuid) is not the way to do this.
Execute visudo and add the line
%if ALL=(ALL) /sbin/ifconfig
to the end of the file.
That will let users in group if execute sudo ifconfig with any arguments they like so that they can temporarily change your system configuration.
