Create a new user/group with permissions to that file. Then use Apparmor/SELinux on the shell so that it can only read/execute the process you want it to.