
setuid program owned by non-root user

Published 2019-07-14 20:06

Question:

I have a setuid program (getpwd) that runs as expected only when owned by root.

-rwsr-xr-x 1 root root 7981 2011-11-17 18:28 getpwd*

In other words, when my program is executed on the command line by user "alice", all works fine.

The program opens a file in the directory /home/secure and prints the contents to the screen.

alice@devbox:/home/alice/tmp$ ./getpwd
setuid is working

However when I change the ownership and set setuid of the file:

chown secure:users getpwd
chmod 4755 getpwd

-rwsr-xr-x 1 secure users 7981 2011-11-17 18:28 getpwd*

The program does not run when executed as user "alice".

alice@devbox:/home/alice/tmp$ ./getpwd
cannot open file /home/secure/test ...

Why is this happening?

ls -ld /home/ /home/secure/
drwx--x--x 2 secure users 280 Nov 18 11:16 /home/secure/

ls -ld /home/secure/*
-rw------- 1 secure users 33 Nov 15 14:35 /home/secure/test

Answer 1:

How do I ensure that only user "alice" can run the setuid program owned by secure?

There are two possible approaches. One uses nothing but traditional Unix permissions and the other uses newfangled ACLs.

Traditional Unix

Create a new group; perhaps ALICE or something obviously different from an alice user account. Make sure alice is a member of ALICE in group(5). (vigr(8) is a great way to edit the group(5) file.) Set the ownership of your getpwd program to secure:ALICE and remove world execute privileges on the file. Then only secure and members of the ALICE group can execute the setuid getpwd program.

If alice is just a stand-in for a potentially larger group of people, then maybe name the group SECURE. (Upper case is just convenient for my description. You don't have to stick with upper case.)

Newfangled ACLs

setfacl -m u:alice:x getpwd

The setfacl(1) program is a bit complicated, but it allows you to create far more complex permissions than the traditional Unix permissions. Because these are pretty different, most systems I have seen don't have them turned on by default -- that requires the acl option to mount(8) when mounting the filesystem. You would need to add acl to the filesystems in /etc/fstab that need the extra permissions. (You don't need to reboot to make it available, though; mount /file/system -oremount,acl would be sufficient for as long as the filesystem is mounted -- typically until reboot.)

I suggest sticking with the traditional Unix method.
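The traditional method from the answer above, written out as a shell script. This is an added example, not code from the original answer or the original poster: the names getpwd, secure, ALICE and alice are the ones used in the thread and are assumed here; it also assumes Linux with GNU coreutils and util-linux (stat -c, findmnt). The group and chown steps need root; the mode check does not. Two points the answer does not spell out are included as checks: on Linux, chown clears the setuid bit, so chmod must come after chown, and a filesystem mounted nosuid ignores the setuid bit regardless of who owns the file.

```shell
#!/bin/sh
# Added example, not code from the original answer: restrict a setuid program so
# that only its owner and the members of one group can execute it.
# Assumed names (hypothetical): program ./getpwd, owner "secure", group "ALICE",
# user "alice". Requires Linux with GNU coreutils and util-linux.

set -e

# Create GROUP if it does not exist yet and add USER to it (root only).
add_user_to_group() {
    group="$1"; user="$2"
    getent group "$group" >/dev/null || groupadd "$group"
    usermod -aG "$group" "$user"
}

# Make FILE setuid for OWNER and executable only by OWNER and GROUP (root only).
# Order matters: on Linux, chown clears the setuid bit, so chmod comes last.
restrict_setuid_to_group() {
    file="$1"; owner="$2"; group="$3"
    chown "$owner:$group" "$file"
    chmod 4750 "$file"          # -rwsr-x---
}

# Octal mode of FILE, e.g. 4750 (GNU stat).
mode_of() {
    stat -c '%a' "$1"
}

# True when FILE has the setuid bit, the group may execute it, and world has no access.
is_restricted_setuid() {
    [ "$(mode_of "$1")" = "4750" ]
}

# True when the filesystem holding FILE is mounted nosuid; the kernel then
# ignores the setuid bit no matter who owns the file.
on_nosuid_mount() {
    findmnt -n -o OPTIONS --target "$1" | tr ',' '\n' | grep -qx nosuid
}

# Full procedure as root: group membership, ownership, mode, then sanity checks.
setup() {
    add_user_to_group ALICE alice
    restrict_setuid_to_group ./getpwd secure ALICE
    if on_nosuid_mount ./getpwd; then
        echo "warning: filesystem is mounted nosuid; the setuid bit will be ignored" >&2
    fi
    is_restricted_setuid ./getpwd && ls -l ./getpwd
}

# Run the whole procedure only when invoked as: sh script.sh run
if [ "${1:-}" = "run" ]; then
    setup
fi
```

After running it, alice should be able to execute getpwd (after logging in again so the new group membership takes effect), while a user outside ALICE gets "Permission denied" before the program ever starts. The mode check deliberately requires exactly 4750 rather than just "setuid set", so a stray world-execute bit is caught too.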



Tags: setuid