Hi,

We have 2 users and one directory (dir). One user is admin user and other use r is operator user. who is responsible for just executing the scripts e.g. startWeblogic and stopWeblogic etc, we want to restrict this operator user in such a way that he can only execute these files and he should NOT be able to delete or change these files but he should be able to VIEW these files

I want that one user (user1)

1) should be able to run/execute any script/file
2) should NOT be able to delete these files
3) should NOT able to change these files
4) should be able to write a new file in directory as when user is executing the script then it creates log file so it is required else script will fail
5) should be able to view the files


I tried like this
created a directory with user2(admin) with all files

1) chmod -R 775 <dir>
2) cd <dir>
3) find . -type f | xargs chmod 755

Now my user1 who is in same group as user2 is able to do the following

1) able to run/execute any script/file
2) able to delete these files [he is able to delete files ]
3) NOT able to change these files
4) able to write a new file in directory as when user is executing the script then it creates log file
5) able to view the files

my only worry is step 2, i dont want this user to delete these files but when i give 755 permision then he is able to delete if i give some other permission then he is not able to execute scripts.

Please let me know what is the best way and how can we achieve it

Thanks
Rel

I am sure i can do this by setting sticky bit, but root is NOT doing this, so looking for some other option

Look in to setting up sudo on the box. Sudo is what I have used to give particular users permissions to run scripts and start and stop applications without compromising the system. It may even be included in your linux or unix distribution.