Make program only run by root

Hi all, i hope i got this in the right place, what i am trying to do is make a program only run by root, ie
for instance user fred is logged in and uses firefox, what id like to do is change that so that when fred wants to use firefox he will be asked to enter root password before he is allowed to use it, is this possible and if so how, if anyone can help could they make it simple as im not very good
at this, i would be most gratefull for any help please.

  1. change the permissions on the executable so that only root can run it. The normal firefox program is actually a script, so make sure you protect all executables in that directory.

  2. Set up sudo to allow the user george to run it.

Now, having said that, I highly recommend against giving George your root password. If you want only George to run this program, sudo prompts for his own password. But it's possible to configure George so that he can run the program without a root password.

Having said that, I also highly recommend against giving George the ability to run firefox as root. Instead, specify another (new) user (ie, "firefox-user") that can only run firefox, by changing the ownership of the entire firefox directory to that user. Configure sudo to "run as" that new user.

Thankyou for your quick reply but im having problems locating the files to change permissions on, sorry for being a pain but im not to bright at this
i am using gnome, is there a command i can enter in a terminal to do this.

Try any of the following:

  which firefox
  whence firefox
  type -a firefox

Do you have a way of preventing the user from installing and running their own firefox?

Thanks i have checked that file it is in /usr/bin/firefox but when i right click to check properties it already says root is the owner, i would like firefox to be able to run in that account but only for people with root password if you know what i mean, sorry to be a pain, and thankyou so far for your help.

So change the permissions so that only root can run it.

chmod og-rx /usr/bin/firefox

But caution, because it's either a softlink or a shell script that points somewhere else. You'll have to follow the chain of events to make sure the actual executable is only runnable by root.

Thankyou, you must be getting fed up with me by now, sorry to be a pain
im almost there the command you gave me worked it has ensured firefox can only be run as root, however it would be nice if it asked for root password when you try to use it non root,(at the moment it just says permission denied) like when you try to run a program from the adminstration menu, im probably asking to much here
but thankyou for all your help so far it really has helped alot so far.

I explained this in the first message. Set up sudo and allow the user to run the program with:

sudo firefox

If you really want him to have the root password, okay, but this is absolutely stupid:

su -c /usr/bin/firefox

Thats perfect just what i needed thankyou so much, i know you dont agree with it, but it allows different users to use the same account and only the ones with the password can use firefox, plus it opens up the door for other stuff for me that id like to do, you are a star
sorry to have been a pain id really appreciate what you have done thank you thankyou thankyou:b:

I'm fairly certain this is the new security feature of which you speak is being currently used at the yahoo log in. perhaps contact their security and development.

Different users to use the same account are you absolutely sure you want to do that I have an account just like that and people started posting things at random that the rest of us who opted in wanted nothing to do with i'd think that one through first if I were you. If you do happen to do this and somewhere down the line you suddenly decide it's spam you have no one to blame but yourself for allowing the format in the first place and secondly you could be held liable.

What if the administarator comes to you and says I'm sorry but you allowed an open format and we would like to have a word with you regarding your resposibilities behavior.

I havent a clue what you are on about, are you some kind of hacker or something, anyway i dont want to know youtube etc.

No Dave I am not a hacker but I am exceptionally skilled with computers and the manipulation of program code and URL's considering I own/have and am associated with over a hundred and eighty websites and blogs as a matter of fact. Yahoo and Google has turned me into a Legend Dave and I didn't even have to die first. Just place the name jamieolender into any google search and you'll see what I mean. When the computer first went public I used to sit on the computer 12 hours a day seven days a week now I'm down to 1 to 6 hours of general maintenance.

Aren't we a lil' full of ourselves (as well as fantasies) here? he he