There are many scenarios where you'd not want a User or Users to execute a specific file.
For example, wget or perl might be binaries that you'd not want Users to run.
In this example, we'll discuss how to use group permissions to prevent a group of Users from executing the file:
First, we need to create a group that will be filled with Users. Let's call this group :
groupadd noperl
Next, we'll assign this group to the perl binary, and set it's permissions such that no User in the noperl group can execute it:
chgrp noperl/usr/bin/perl
chmod 705/usr/bin/perl
where using the permissions, the 0 portion specifies that the group on this file cannot do anything on it (can't read it, can't write to it, and cannot execute it)
Lastly, add any Users to this group who should not be allowed to execute perl:
usermod -a -G noperl apache
usermod -a -G noperl fred
usermod -a -G noperl george
where apache, fred, and george cannot run /usr/bin/perl.
This guide can be applied to other binaries as needed, but make sure that you don't block any Users which actually need to use the given binary.
If you want to automate the adding of newly created Users to this group, create the file: