In <9403281806.aa08049@uk.ac.bath.ss1> you write:

>Making things setuid root is almost always wrong. Make a new
>group, say group "utmp", and make anything that needs to deal with
>utmp setgid utmp; similarly for mail, etc. That way if you have
>something that needs to do mail and utmp, you can just put it in
>multiple groups.

Nice idea. The problem is that in the inode on a standard Unix implementation there is only room for 1 repeat 1 group. Also in the 'u' area, there is only room for 1 primary group, 1 effective group etc. This means that something like your program which needs to do something with utmp and mail will not be able to do so, unless the group for altering mail is the same as the group for altering utmp.

Much better is to start it off as root, let it run that way just long enough to set its group list, and then setuid to someone boring and do whatever might have bugs...

Marc
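Added example, not part of the message above: the drop sequence it describes (set the group list while still root, then setuid to an unprivileged user), with a check that root cannot be regained and no unrequested group survives. It assumes a system with setgroups(); the function names and the "nobody" account are assumptions, while "utmp" and "mail" are the groups named in the thread.

```c
#define _DEFAULT_SOURCE                  /* exposes setgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <unistd.h>

/* 1 if the process holds exactly uid/gid and no group outside want[], else 0. */
int state_matches(uid_t uid, gid_t gid, const gid_t *want, int n)
{
    gid_t have[256];
    int m = getgroups(256, have);
    if (m < 0 || getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return 0;
    for (int i = 0; i < m; i++) {        /* the kernel may list the primary gid */
        int ok = (have[i] == gid);
        for (int j = 0; j < n; j++)
            ok |= (have[i] == want[j]);
        if (!ok)
            return 0;                    /* a group we never asked for survived */
    }
    return 1;
}

/* Run as root just long enough to set the group list, then become uid. */
int drop_privileges(uid_t uid, gid_t gid, const gid_t *groups, int n)
{
    if (uid == 0 || n < 0)
        return -1;                       /* the target must not be root */
    if (setgroups((size_t)n, groups) != 0 ||  /* needs root, so it goes first */
        setgid(gid) != 0 ||              /* needs root, so it goes second */
        setuid(uid) != 0)                /* last: gives root up for good */
        return -1;
    /* setuid(0) must now fail, and the ids must be the ones requested. */
    return (setuid(0) != 0 && state_matches(uid, gid, groups, n)) ? 0 : -1;
}

int main(void)
{
    /* "nobody" is an assumed account; "utmp" and "mail" are the post's groups. */
    struct passwd *pw = getpwnam("nobody");
    struct group *g;
    gid_t extra[2];
    if (!pw || !(g = getgrnam("utmp")))
        return 1;
    extra[0] = g->gr_gid;                /* copy: getgrnam reuses its buffer */
    if (!(g = getgrnam("mail")))
        return 1;
    extra[1] = g->gr_gid;
    return drop_privileges(pw->pw_uid, pw->pw_gid, extra, 2) != 0;
}
```

Every return value is checked because a failed setuid() that goes unnoticed leaves the rest of the program running as root.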