Kudos everyone
I work in a firm working on specialized software. I work in the security department and my first task is to work on an in-house application. My main job to make the application run under a certain user with the least possible privileges, instead of 'root' which is being used right now.
So far I've managed to make a list of the files the application is trying to access using AppArmor, as well as a list of the things it does using strace. Now I got to a part where I know, for instance, the application is trying to use a setrlimit call to restrict the resources the application uses but since the user is not 'root', it can't.
I wanted to know if there's some way I can give a grant for such an action to the user or if I should instruct the coders to implement this in some other way?
I'm not a coder at all, so I'm really out of ideas. I'd be grateful if anyone can shed some light on my understanding. Thank you all in advance.

Navid

normal users can only write to there home directory so every application is restricted .

Well, if you look here http://linux.die.net/man/2/setrlimit you can see at the bottom that it refers to ulimit http://linux.die.net/man/1/ulimit which you can set for the user when he logs in. You might want to have the app run in its own user and/or via setuid.
If the prog really needs root type access, set it so the user has to run it via sudo ie user can run only that cmd via sudo.
http://linux.die.net/man/8/sudo

Hello navidpaya

If the application absolutely has to do some things which only root can do (best not) then it could be started via a setuid executable that could do all those things and then change effective userid. This would be more transparent to the user than using sudo.

Best

Charles