You've covered the two easiest methods (sudo and setuid) that I can think of, and you're telling us that sudo is just not feasible, so that just leaves setuid. Which, is a method I've used and I like. The only trick is to make double-danged sure that the rights to write to the executable are watched and maintained carefully.
A few possible thoughts:
The are "group" permissions for execute on the binary, can signals be sent from the same group? If you already know the answer to this one (I don't) you could try that.
A few more possible methods:
A) have a file out there somewhere with a group policy on it wherein a command could be written to it by a group member. You have a process that wakes up every so often and looks at the file contents and if there is a "command" to signal a process, it does so, and then removes the "command" from the file, or marks it as completed (better).
I've done the above for a few processes in the past and this works well if you don't need an immediate response, and it's OK if it takes 3 minutes or so to act on the "command" signal put in the file. The gotcha is careful maintenance of permissions on the "command" file.
B) If this application is hooked to a database, then create a table, and give the users access to it that need it. They can write a record in the file to ask for a signal to be sent to a process. Your program once it sees the "command" can act on it. This is basically the same as the A) option, but just from a database standpoint.
If the above named database is an Oracle database, I'd create a pipe and have a custom program read the pipe for work to be done. This eliminates the whole issue of timing and looping (and therefore waiting). As soon as a request is made to the pipe (via procedure created with AUTHID privelages to the pipe itself), you'd act on it with your pipe processing code.
There is also the possibility of job queueing for Oracle (which is newer) to do the same idea as above (but I'm just getting old apparently).
Keep in mind that the idea of pipes and queues for managing this are probably available in some form for whichever database you may be using already.
If you don't have a database available with pipes or queues, you usually do this with a database sequencer (counter). Create a custom sequencer with a counter which increments by one every time it is read. If a group user needs to signal your program (that the dummy owns) he would just select from the sequencer, your own program could just look at the sequencers.nextval and if it is odd, then send a signal, then read from the sequencer , which would reset the sequencer back to even. Careful control over who can read from the sequencer would be the key to that system.
HTH with some ideas.
We are the people our parents warned us about --Jimmy Buffett
