added 2 characters in body
Artem S. Tashkinov

run an executable as the user filesystem

# execute as root
chown filesystem /path/to/executable
chmod u+s /path/to/executable
# execute as any user
/path/to/executable

It makes more sense to run this with SGID than SUID, though (then the user filesystem cannot modify this executable):

# execute as root
chown root:filesystem /path/to/executable
chmod u-s,g+s /path/to/executable
# execute as any user
/path/to/executable

In both cases you may have to make /home/USER searchable (x permission) for the group filesystem (by making it the group of that directory or with ACLs).

let a group own all new files

Make it the group of all existing files and directories

# chgrp needs the group name before the path; "filesystem" is the group used above
chgrp -R filesystem /home/USER/00_Files

Set the SGID bit for all directories:

find /home/USER/00_Files -type d -exec chmod g+s {} \;

other file permissions to be set

Make all existing files and directories writable by the group:

chmod -R g+w /home/USER/00_Files

Give write permission to group for all future files and directories:

find /home/USER/00_Files -type d -exec setfacl -m d:g::rwx {} \;

for this to be safe

For this to be safe there must not be any files or directories with write permission for the user/group filesystem outside this directory tree.

A completely different approach would be to run the executable in its own mount namespace /chroot which only contains the target directory tree. This should be simple if the executable is statically linked. I am not sure whether root privilege is required for creating a namespace, though.
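As an added example (not part of the answer above), here is a POSIX sh script that applies the directory setup from the answer with the group as a parameter and then audits the result: the SGID/group-write state of the tree, the "nothing writable outside the tree" condition from the last section, and the ownership of the SGID helper executable. It assumes a find that supports -path (GNU and BSD both do) and, for the ACL step, that setfacl is installed; the function and variable names are mine.

```shell
# setup_shared_tree GROUP DIR: the answer's commands with the group as a parameter.
setup_shared_tree() {
    group=$1; dir=$2
    chgrp -R "$group" "$dir" || return 1
    find "$dir" -type d -exec chmod g+s {} \; || return 1
    chmod -R g+w "$dir" || return 1
    # default ACL so future entries inherit group rwx; skipped if setfacl is absent
    if command -v setfacl >/dev/null 2>&1; then
        find "$dir" -type d -exec setfacl -m d:g::rwx {} \; || return 1
    fi
}

# check_shared_tree GROUP DIR: every directory must be owned by GROUP with SGID
# and group write (mode bits 2020), every regular file owned by GROUP with group
# write (020). Offending paths are printed and the function fails.
check_shared_tree() {
    group=$1; dir=$2
    bad=$( { find "$dir" -type d \( ! -group "$group" -o ! -perm -2020 \) -print
             find "$dir" -type f \( ! -group "$group" -o ! -perm -020 \) -print; } )
    [ -z "$bad" ] || { printf '%s\n' "$bad"; return 1; }
}

# writable_outside GROUP DIR ROOT: the answer's safety condition. Lists anything
# under ROOT but outside DIR that GROUP may write to; the list must be empty.
# The user-owned case is the same find with "-user NAME -perm -200".
writable_outside() {
    group=$1; dir=$2; root=$3
    find "$root" -path "$dir" -prune -o -group "$group" -perm -020 -print
}

# check_sgid_helper FILE GROUP: the SGID variant is only sound if FILE is SGID,
# not SUID, owned by GROUP and not writable by GROUP (otherwise group members
# could replace the code that runs with the group's privileges).
check_sgid_helper() {
    exe=$1; group=$2
    [ -g "$exe" ] || { echo "$exe: SGID bit not set"; return 1; }
    if [ -u "$exe" ]; then echo "$exe: SUID bit is set"; return 1; fi
    [ -n "$(find "$exe" -group "$group")" ] || { echo "$exe: group is not $group"; return 1; }
    [ -z "$(find "$exe" -perm -020)" ] || { echo "$exe: writable by group $group"; return 1; }
}
```

Run it as root with the real group (filesystem) and ROOT set to / for a full audit; as an unprivileged user you can exercise it on a scratch directory with your own primary group.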


added 467 characters in body
Hauke Laging

run an executable as the user filesystem

# execute as root
chown filesystem /path/to/executable
chmod u+s /path/to/executable
# execute as any user
/path/to/executable

It makes more sense to run this with SGID than SUID, though (then the user filesystem cannot modify this executable):

# execute as root
chown root:filesystem /path/to/executable
chmod u-s,g+s /path/to/executable
# execute as any user
/path/to/executable

In both cases you may have to make /home/USER searchable (x permission) for the group filesystem (by making it the group of that directory or with ACLs).

let a group own all new files

Make it the group of all existing files and directories

# chgrp needs the group name before the path; "filesystem" is the group used above
chgrp -R filesystem /home/USER/00_Files

Set the SGID bit for all directories:

find /home/USER/00_Files -type d -exec chmod g+s {} \;

other file permissions to be set

Make all existing files and directories writable by the group:

chmod -R g+w /home/USER/00_Files

Give write permission to group for all future files and directories:

find /home/USER/00_Files -type d -exec setfacl -m d:g::rwx {} \;

for this to be safe

For this to be safe there must not be any files or directories with write permission for the user/group filesystem outside this directory tree.

A completely different approach would be to run the executable in its own mount namespace /chroot which only contains the target directory tree. This should be simple if the executable is statically linked. I am not sure whether root privilege is required for creating a namespace, though.


Hauke Laging

run an executable as the user filesystem

# execute as root
chown filesystem /path/to/executable
chmod u+s /path/to/executable
# execute as any user
/path/to/executable

It makes more sense to run this with SGID than SUID, though (then the user filesystem cannot modify this executable):

# execute as root
chown root:filesystem /path/to/executable
chmod u-s,g+s /path/to/executable
# execute as any user
/path/to/executable

In both cases you may have to make /home/USER searchable (x permission) for the group filesystem (by making it the group of that directory or with ACLs).

let a group own all new files

Make it the group of all existing files and directories

# chgrp needs the group name before the path; "filesystem" is the group used above
chgrp -R filesystem /home/USER/00_Files

Set the SGID bit for all directories:

find /home/USER/00_Files -type d -exec chmod g+s {} \;

other file permissions to be set

Make all existing files and directories writable by the group:

chmod -R g+w /home/USER/00_Files

Give write permission to group for all future files and directories:

find /home/USER/00_Files -type d -exec setfacl -m d:g::rwx {} \;