"Won't do anything" ??? Without error messages ???
I don't think that's possible purely based on permissions. If a file exists, but is not readable and executable, and someone tries to execute it, they will get an error message. Usually, it will be "Permission denied". In a nutshell, the permission system (the nine bits the control the RWX settings for owner, group and user) only controls whether a file can be executed or not; it can not change the behavior of the executed program. (Note that I'm using the words "file" and "program" interchangeable here, assuming that ultimately any file can be executed, because it might be a script. That's glossing over some important details like executable format. Also, above I wrote "readable and executable", and that also glosses over important details).
I think what you described is a program that when run by a user who is not authorized will run, but not do its job. When run by an authorized user, it will do its job. Such a program can be written, and it's actually rather easy to do as a shell script. Assume 1234 is the user ID of the authorized party, and 5678 is the group ID of the authorized group:
Code:
if [ `id -u` -eq 1234 -o `id -g` eq 5678 ]
then
... execute the program as usual
else
echo Good morning you are not authorized to do this, nothing will happen, please have a nice day.
fi
(Note: In the above example I added a message which tells the non-authorized user what is going on, for didactic clarity.) Obviously, doing this in general, flexibly (perhaps configurable) and in any programming language (like C) becomes much harder than just comparing the UID or
But then your real question is: "How can I set the permissions so users in group X can run it"? That's rather easy. Say user "adam" has written a program that should be executable by everyone in the group "animals": First, change the ownership of the executable itself to be in the desired group (with
chgrp animals /home/adam/bin/ourtool
), and then change the permissions of that program so it is readable and executable by anyone in that group, for example with
chmod u+rwx,g+rx-w,o-rwx /home/adam/bin/ourtool
. Now adam (the owner) can read,write and execute the file. Others in the animal groups can read and execute, but not write. And others (who are neither adam nor in the animals group) can do nothing, not read, write or execute. Except obviously root can do whatever she likes. Oh, and to make life easier, you should also make sure that all directories in the chain /home/adam/bin are readable and executable to the animals group (that's not strictly necessary, but let's keep things simple).
So, to summarize: To implement this kind of thing, you have two options. You can use the existing user/group infrastructure and mark the executable by group. Or you can implement authorization checking inside the program, and do a reasonable thing.
Style remark (sorry, I have to add anecdotes or philosophical remarks): Having a program that *silently* changes its behavior depending on who is running it is a very bad idea. It makes debugging when things don't work very hard. I would definitely implement this to print very clear messages when the program is deliberately not doing its job.