How to not allow direct 'cat' but allow from the C program
I am coding a small C program. Basically, the folder will have two files: secret.txt and code.c. I want my users to be unable to directly print out secret.txt in the terminal by any means ('cat', 'head', etc.), but able to read it from a C program.
How they can read it (in my C code):
```c
if (<some conditional>) {
    /* Forward slashes: "\b" in a C string literal is a backspace escape. */
    system("/bin/cat secret.txt");
}
```
I have tried setting the permissions of secret.txt to 440 and of the executable to 4711. The file secret.txt is owned by root:root, and a normal user can execute the program. However, the program keeps saying permission denied.
How can I do this?
Solution 1:[1]
It would be very difficult (and wouldn't make that much sense usually) to deny a specific program from reading a file.
In Linux, permissions work per user, so if the C program and cat run with the same (effective) user-id, they will have the same permissions (generally).
The best way to solve it, if I correctly understood your intentions, is to compile your program, chown it to root, and make it a setuid binary (meaning that it will run with the permissions of "root" and not "user"). This way, it will run as root and be able to access the file.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | malkaroee |
