Enable execution by user as root and disabling write to user

stenedjo

The user named usr needs to execute program /home/usr/prog as root. But, nobody but root must be able to delete/modify program /home/usr/prog. How to do it?

My attempt was

# chown root /home/usr/prog
# chmod 0 /home/usr/prog
# chmod u+x /home/usr/prog

At end of the /etc/sudoers file I added the line

usr<TAB>ALL=(root) NOPASSWD: /home/usr/prog

Of course, a tab character is used in place of <TAB>. Then, the line

$ sudo /home/usr/prog

works fine, but the user usr is able to overwrite/delete program /home/usr/prog.
 


Maybe have a look at "setfacl" and "chattr" which can set limited access to files and file manipulation.
 
Sorry, but it does not work.

The rm command can delete the file (without sudo) regardless of these permissions. Note that the /etc/sudoers file contains the line

usr ALL=(root) NOPASSWD: /home/usr/prog

I need any solution for the following requirements:

1. The user root can modify program /home/usr/prog
2. The user usr cannot modify program /home/usr/prog even if the user usr is in the root group.
3. The user usr can run program /home/usr/prog as root without password.
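
Added example, not part of any post in this thread: removing or replacing a file is governed by write permission on the directory that contains it, not by the file's own mode, so a sudoers target is only as protected as every directory above it. The script below walks from the target up to / and reports each component that is not owned by root or is writable by group or other. It assumes GNU coreutils (stat -c, readlink -f); the function names check_component and audit_sudo_target are hypothetical.

```shell
#!/bin/sh
# Added example: audit the path of a command that sudoers allows a user to run.
# Assumes GNU coreutils. Function names are hypothetical.
# Usage: audit_sudo_target /home/usr/prog

# check_component PATH UID
# Succeeds only if PATH is owned by UID and is not writable by group or
# other. Prints the reason on failure. The sticky bit is not considered,
# so directories such as /tmp are flagged conservatively.
check_component() {
    info=$(stat -c '%u %a' "$1") || return 2
    owner=${info% *}
    mode=${info#* }
    if [ "$owner" != "$2" ]; then
        echo "UNSAFE $1: owned by uid $owner, expected $2"
        return 1
    fi
    # Octal 022 = write bit for group and for other.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "UNSAFE $1: mode $mode is writable by group or other"
        return 1
    fi
    return 0
}

# audit_sudo_target FILE [UID]
# Resolves symlinks, then checks FILE and every parent directory up to /.
# UID is the only owner trusted to modify the path (default 0, i.e. root).
# Returns 0 when every component passes, non-zero otherwise.
audit_sudo_target() {
    uid=${2:-0}
    path=$(readlink -f "$1") || return 2
    bad=0
    while :; do
        check_component "$path" "$uid" || bad=1
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return "$bad"
}
```

A target that passes this audit sits in a root-owned directory chain, so a non-root user cannot unlink or rename it.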
 
