From: utzoo!decvax!genradbo!stuart
Newsgroups: net.unix-wizards
Title: SUID and exec, ala INGRES style access
Article-I.D.: genradbo.1383
Posted: Fri Feb 11 10:19:25 1983
Received: Sat Feb 12 04:39:55 1983

The setuid/execution/search problem can be solved by creating a second
level of directory. Use the setuid to get you through an otherwise
impassable barrier. THEN, switch back to the regular other user just before
the exec. This way, the user does run the program (e.g., game) as user uid,
but is unable to access the program without using the special setuid program.

-- Stuart Hollander (ucbvax!decvax!genradbolton!stuart)

Here is your example, modified for this method:

drwx------ 3 stuart   48 Feb 11 10:01 testdir
drwxr-xr-x 2 stuart   48 Feb 11 09:59 testdir/readdir
-rwxr-xr-x 1 stuart 7086 Feb 11 10:04 yes

doyes.c:

#include <stdio.h>
#include <unistd.h>

int main(void)
{
	/* A: still running with the set-uid owner's effective uid */
	printf("A uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
	/* use that uid to get past the drwx------ directory */
	chdir("/us/stuart/public/testdir/readdir");
	/* switch back to the invoking user before the exec */
	setuid(getuid());
	printf("B uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
	execl("yes", "yes", (char *)0);
	/* C: reached only if the exec failed */
	printf("C uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
	perror("yes");
	return 1;
}

yes.c:

#include <stdio.h>
#include <unistd.h>

int main(void)
{
	printf("Y uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
	printf("Yes\n");
	return 0;
}
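
Added example, not part of the original post: the same chdir-then-drop launcher with every call checked, so a failed chdir() or a failed privilege drop never reaches the exec. It assumes a POSIX system with saved set-user-IDs, where setuid(getuid()) in a non-root set-uid program changes only the effective uid, so it uses setregid()/setreuid() instead; the helper names drop_privileges and enter_and_drop are hypothetical.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Permanently give up set-uid/set-gid privilege (hypothetical helper).
 * Returns 0 on success, -1 if the drop failed or could be undone.
 * Group ids go first, since changing them can require the privilege
 * that the uid change gives up. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Setting real and effective together also resets the saved id. */
    if (setregid(rgid, rgid) != 0 || setreuid(ruid, ruid) != 0)
        return -1;
    /* If we really were elevated, taking the old ids back must now fail. */
    if (old_euid != ruid && seteuid(old_euid) == 0)
        return -1;
    if (old_egid != rgid && setegid(old_egid) == 0)
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* chdir() into the protected directory while still privileged, then drop.
 * Privileges are dropped even when chdir() fails, so the caller's error
 * path never runs elevated. Returns 0 only if both steps succeeded. */
int enter_and_drop(const char *dir)
{
    int rc = chdir(dir);
    if (rc != 0)
        perror(dir);
    if (drop_privileges() != 0)
        return -1;
    return rc == 0 ? 0 : -1;
}

int main(void)
{
    /* Directory taken from the post; "./yes" is resolved relative to it. */
    if (enter_and_drop("/us/stuart/public/testdir/readdir") != 0)
        return 1;
    execl("./yes", "yes", (char *)NULL);
    perror("yes");              /* reached only if execl() failed */
    return 127;
}
```

The exec'd program inherits the working directory inside the protected tree, so anything it opens by relative path there is reachable by the invoking user.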