1

I want a program can be run by a specific user (let's say tony) and the owner (root). I thought I could use setuid on the program:

chmod u+s program1.sh

But it returns out all other users can run program1.sh with owner's privilege. Instead of using setuid, change the group program1.sh so that the group contains tony could be good to allow only tony and the owner can run the program, but tony cannot run with owner's privilege.

So I don't know how to archive this requirement. Hope guys can give me some advice.

Marcus Thornton
  • 5,955
  • 7
  • 48
  • 50

1 Answers1

2

you chmod u+s program1.sh just like you did, then chmod o-x program1.sh to prevent 'other' users from running that file. Now create a new group, and use chown to give that group ownership of the file. Finally add any users you would like to be able to execute the file, to the newly created group. Don't forget to chmod g+x to allow users of the new group to execute the file.

Pétur Ingi Egilsson
  • 4,368
  • 5
  • 44
  • 72
  • Is 'other' execution privilege that determines if one user can execute or not instead of setuid privilege? I thought once setuid flag is set, everyone can execute that file. – Marcus Thornton May 18 '14 at 15:02