Hello folks, I have a question about Linux executables. I have a bunch of binaries that I compiled myself which are stored in a bin directory I own. For one of these executables, I'd like to make give it the setguid bit, but only for users that are in the group that owns the file, i.e. users that are in the world should not be able to execute the binary. I'd rather not tamper with the original, so what I'd like to do is copy it to another name, and then give it the custom permissions. The process would look something like:
can't change perms on a symlink, only it's referenced file.
uid/gid allows you to chown/chgrp the file to the owner/group who has the correct privileges, then chmod it to allow others to execute. It will then run as the owner/owning group.
setuid and chown the file to the user with sufficient run privileges, then chgrp it to the group you want to allow to run the binary, and chmod o-x.
Yes, but that changes the permissions on the original binary. On second thought, though, it seems sufficient: I don't plan on letting anyone not in the group use the binary.