-1

In Lubuntu Linux 22.04, I need to make a binary file that is owned by root and is in the root group executable by a normal user. This is easy enough to achieve using:

sudo chmod o+x /path/to/binary/binary-executable

The binary also needs to read some configuration from a JSON file in the same directory. I don't want the normal user to be able to read the contents of the JSON file. It appears that I need to make the JSON configuration file readable by the normal user, so that they can run the binary, but I need the JSON file to be private to root.

To summarise:

  • The binary executable is here: /opt/my-progs/prog, owner:group is root:root, permissions: 755

  • The configuration file that is read by the executable is here: /opt/my-progs/config.json, owner:group is root:root, permissions: 660

  • Root can cd to /opt/my-progs and run the program ok.

  • The user can do cd /opt/my-progs, but when they try to run the program, there is a permission error for the configuration file.

  • The binary executable assumes the configuration file is in the same directory as the binary executable.

Is it possible the make it so the user can execute the binary and not be able to read the config file?

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
Simon Bagley
  • 318
  • 2
  • 15

1 Answers1

-1

Yes, this is achievable. You can use the following command to make the JSON configuration file readable by the normal user, but private to root:

sudo chmod 644 /path/to/json/file

This will set the file permissions so that the owner (root) has read and write permissions, the group (root) has read permissions, and others (the normal user) have read permissions.

The binary file will still be owned by root and in the root group, so it will still be executable by the normal user. However, the JSON configuration file will be private to root, so the normal user will not be able to read its contents.

Here is a breakdown of the file permissions:

  • Owner: The owner of the file is root. This means that root has full control over the file.
  • Group: The group of the file is root. This means that all users who are members of the root group have read permissions on the file.
  • Others: The others group includes all users who are not members of the root group. In this case, the others group is the normal user. The normal user has read permissions on the file, but they do not have write permissions.
Mitul
  • 42
  • 6
  • If the config file permissions are 644, then a normal user will be able to read the file. I don't want the user to be able to read it. – Simon Bagley Jul 17 '23 at 08:39
  • you need to change the permissions to 600. This will give the owner of the file full read and write access, but no other user will be able to access the file. – Mitul Jul 17 '23 at 08:42
  • Just to clarify, if the file settings are as follows: /opt/my-progs/bin-file owner:group is root:root, permissions 771. /opt/my-progs/config.json owner:group is root:root, permissions 600. – Simon Bagley Jul 17 '23 at 08:48
  • This may have security issue best you can change permission to 640 ,This will make the file readable by the owner and the group. – Mitul Jul 17 '23 at 08:53
  • I will clarify my question, as the solution proposed will not work. – Simon Bagley Jul 17 '23 at 10:05
  • Welcome back to Stack Overflow, Mitul. It looks like it's been a while since you've posted and may not be aware of the current policies since last five answers appear likely to have been entirely or partially written by AI (e.g., ChatGPT). Please be aware that [posting of AI-generated content is banned here](//meta.stackoverflow.com/q/421831). If you used an AI tool to assist with any answer, I would encourage you to delete it. We do hope you'll stick around and continue to be a valuable part of our community by posting *your own* quality content. Thanks! – NotTheDr01ds Jul 19 '23 at 15:44
  • **Readers should review this answer carefully and critically, as AI-generated information often contains fundamental errors and misinformation.** If you observe quality issues and/or have reason to believe that this answer was generated by AI, please leave feedback accordingly. The moderation team can use your help to identify quality issues. – NotTheDr01ds Jul 19 '23 at 15:45