Hello, I am wondering if I can set a binary file with user permissions set only (0700: - rwx --- ---), so it can only be executed directly by the owner, but I would like it to also be executed if run from a script by member of the group the file belongs to?

As you can see, the binary itself does not have any access rights for group, but is there a way the script can grant rights for the session? It could not actually set the permissions on the file as it would be used by several people, but the user rights for the file could be inherited from the script?

The reason I want to do this is to ensure the various setup and tidyup commands in the script are performed.

I thought that setting the script with SUID would work, but I get a permission denied error.

I thought about having a copy of the file moved to the users home directory, set the permissions, then execute, but it wouldn't work because the user could execute the binary from their directory, whilst the script is running in another shell session. Also, the file needs to be in a specific directory to execute properly.

Any help would be greatfully appreciated

OS: Linux RH ES

bash is intelligent and won't let you set the suid bits on a script file. You might look into sudo if the script requires root access.

Just give the file permissions 750.

What I want is a script with group execute permissions to execute a binary without execute permissions. This way, only the script can execute the binary instead of users executing from the shell prompt.
Sudo sounds like it may be the answer though. I didn't really want to temporarily grant root access, but temporarily allowing the group the same permissions as root would work.

Thanks for the tip.

By doing that, I am enabling group members the ability to execute the binary directly from the shell prompt, which is exactly what I'm trying to prevent.