Setting developer verser operator permissions
As a developer, I’ve created software that falls under the following directory tree:
Launcher
|--- Apps
| |--- Bin
| |--- Src
|--- Images
|--- Scripts
|--- launch.sh
I want to set the permissions of Launcher and its subdirectories such that only I, or someone in my group, can manipulate them. (I know how to do this.)
As an operator, I need to be able to execute launch.sh, and to copy executables from the Bin subdirectory to a local directory for execution. How do I accomplish this while still keeping Launcher and its subdirectories locked down?
I am trying to think the problem out, and basically what I want is for the operator to be able to run a script that he cannot read/modify. This script has the permission necessary to execute lauch.sh, perform the copies (, and set file permission so that operator can use those files). Is this possible?
FYI: Currently this software is setup so that operator is the owner, but I’d really like to separate the developer from the operator (as an operator should never be tinkering with the source code or scripts).
|