The way I handle this is by an immutable network boot image and rebooting between users. Then one can give the student root access without any security implications.Our users are students with standard domain user permissions, and their access is intentionally limited. In this case, what would you recommend as the best approach for allowing the application to run without granting elevated privileges to the students?
The traditional Unix approach is to create a setuid wrapper that elevates permissions and launches the application. The setuid bit was seen as such a novel way to allow non-privileged users limited privileges when running certain programs that it was patented by Dennis Ritchie in 1973.
https://worldwide.espacenet.com/patent/ ... DUS4135240
Soon afterwards the patent was donated to the public domain.
Statistics: Posted by ejolson — Fri May 22, 2026 3:32 pm





