>Making things setuid root is almost always wrong. Make a new
>group, say group "utmp", and make anything that needs to deal with
>utmp setgid utmp; similarly for mail, etc. That way if you have
>something that needs to do mail and utmp, you can just put it in
>multiple groups.

Nice idea. The problem is that in the inode on a standard Unix implementation there is only room for 1 repeat 1 group. Also in the 'u' area, there is only room for 1 primary group, 1 effective group etc.

This means that something like your program which needs to do something with utmp and mail will not be able to do so, unless the group for altering mail is the same as the group for altering utmp. Pretty soon you will find that everything which wants to do anything will be SGID to this group. Any poorly written program which is SGID to this supergroup will be as weak as a poorly written SUID root program.
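The concentration described in the reply above, as an added example that is not part of the original post: a C audit sketch that reads the single group ID each inode carries and counts how many set-group-ID executables depend on each group. The sample records, their paths and their GIDs are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* The two inode fields that matter here: one mode word, one group ID. */
struct rec { const char *path; mode_t mode; gid_t gid; };

/* Constructed sample; paths and GIDs are made up for illustration. */
const struct rec SAMPLE[] = {
    { "/demo/bin/write",  S_IFREG | 02755, 50 },
    { "/demo/bin/mailer", S_IFREG | 02755, 50 },
    { "/demo/bin/who",    S_IFREG | 02755, 50 },
    { "/demo/bin/game",   S_IFREG | 02755, 20 },
    { "/demo/bin/su",     S_IFREG | 04755,  0 },  /* setuid only */
    { "/demo/lock",       S_IFREG | 02644, 50 },  /* setgid bit, no group exec */
    { "/demo/shared",     S_IFDIR | 02775, 50 },  /* setgid directory */
};
#define SAMPLE_N (sizeof SAMPLE / sizeof SAMPLE[0])

/* Counted here as a setgid executable: regular file, S_ISGID, group exec. */
int is_sgid_exec(mode_t m) {
    return S_ISREG(m) && (m & S_ISGID) && (m & S_IXGRP);
}

/* Number of setgid executables whose single inode group is g. */
size_t count_sgid_for_gid(const struct rec *r, size_t n, gid_t g) {
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        if (is_sgid_exec(r[i].mode) && r[i].gid == g) c++;
    return c;
}

/* Group that the most setgid executables run as, or (gid_t)-1 if none. */
gid_t busiest_sgid_group(const struct rec *r, size_t n) {
    gid_t best = (gid_t)-1; size_t best_c = 0;
    for (size_t i = 0; i < n; i++) {
        if (!is_sgid_exec(r[i].mode)) continue;
        size_t c = count_sgid_for_gid(r, n, r[i].gid);
        if (c > best_c) { best_c = c; best = r[i].gid; }
    }
    return best;
}

int main(int argc, char **argv) {
    struct stat st;
    for (int i = 1; i < argc; i++)  /* real files: read the inode with lstat() */
        if (lstat(argv[i], &st) == 0 && is_sgid_exec(st.st_mode))
            printf("%s: setgid to gid %ld\n", argv[i], (long)st.st_gid);
    gid_t g = busiest_sgid_group(SAMPLE, SAMPLE_N);
    printf("sample: gid %ld owns %zu setgid executables\n", (long)g,
           count_sgid_for_gid(SAMPLE, SAMPLE_N, g));
    return 0;
}
```

Paths given on the command line are checked against the real inode; a group that dominates the count is the one whose setgid programs deserve the same review as setuid root binaries.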