Reputation: 15158
I'm developing a Java SE application that will run on Linux. The application stores some files and directories on disk.
I need only the application itself to be able to read/write these files/directories (i.e. the currently logged-in user shouldn't be able to read/write/copy these files using the OS file manager).
I tried to create a user and a usergroup and change permissions of files to 600 and directories to 700.
The problem is that the application runs as the currently logged-in user, so it stores files with the current user as owner.
If I do chown on the files then the application can't read the files anymore!
What should I do to restrict files/directories access to an application?
Upvotes: 0
Views: 417
Reputation: 13356
I think setuid is your choice. See man page for details. Here is the wikipage, also a good reference.
Each program has a uid/gid and euid/egid, you should have its euid/egid match the file access permission.
In detail, IIRC, you should run your Java SE program like java mainclass or java -jar main.jar. Write the startup command in a script, e.g. run.sh.
FILE BEGIN run.sh
java mainclass # or java -jar main.jar choose one appropriate to you
FILE END
and then sudo chown root run.sh and then sudo chmod ug+s run.sh.
This assumes you are in the sudoer list. If not, you have to turn to an SA for help.
Upvotes: 1
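A check for the layout this thread is working toward (files 600, directories 700, everything owned by one dedicated account), as an added example that is not part of any post above. The function name audit_tree and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a data tree against the modes from the question.
# audit_tree DIR OWNER
#   prints one line per violation; returns 0 if clean, 1 if any violation,
#   2 if DIR is not a directory. OWNER is a user name or numeric uid.
audit_tree() {
    dir=$1
    owner=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    report=$(
        # -perm with a bare mode is an exact match, so setuid/setgid/sticky
        # bits on a data file or directory are reported as well.
        find "$dir" -type d ! -perm 700 -exec printf 'dir mode is not 700: %s\n' {} \;
        find "$dir" -type f ! -perm 600 -exec printf 'file mode is not 600: %s\n' {} \;
        # Symlinks, FIFOs, sockets and devices do not belong in the tree.
        find "$dir" ! -type d ! -type f -exec printf 'unexpected file type: %s\n' {} \;
        # Files written while running as the login user show up here.
        find "$dir" ! -user "$owner" -exec printf 'not owned by %s: %s\n' "$owner" {} \;
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Constructed sample tree: one correct file and one left world-readable.
demo=$(mktemp -d)
mkdir -m 700 "$demo/data"
: > "$demo/data/ok.db";     chmod 600 "$demo/data/ok.db"
: > "$demo/data/leaked.db"; chmod 644 "$demo/data/leaked.db"
audit_tree "$demo" "$(id -u)" || echo "audit failed for $demo"
rm -rf "$demo"
```

In a real deployment OWNER would be the dedicated application account rather than the invoking user.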
Reputation:
That isn't possible. There is no distinction in permissions between a user and the programs that they run.
Upvotes: 0