In our system, we have two users "admin" and "customer", customer is part of group customers.
We need customer to only be able to execute certain programs which we've decided he's allowed to, and not read or write to any configuration files. Said programs can access configuration files, but customer cannot interact (read/write) with them directly.
All relevant programs and config files, are stored inside admin.
I don't have much experience with Linux. So what I've tried is creating two programs, one that writes to file called WriteFile, and another which reads a file called ReadFile.
Both programs have the following permissions:
-rwx--x--- 1 admin customers ... ReadFile
-rw------- 1 admin customers ... config.txt
-rwx--x--- 1 admin customers ... WriteFile
This question gave me an idea of using setuid in ReadFile/WriteFile, but whenever I tried running setuid as customer setuid always returned -1.
With this question it seems like my only option is to give customer root access, which I don't really feel comfortable with.
Unless that's the only solution, is what I'm describing even possible? Thanks in advance.
