This doesn't "harden" anything, you'd be elevating the effective GID at best (eg. if some ACL would allow the execution for other users or the user is in the "root" group, what's not exactly secure to begin with…)
Also the effective GID isn't the same as the effective UID, so turning 4755 into 2755 may have side effects and turning it into 2750 bears the same issues as the above.
Stuff like ping is handled via caps nowadays, any kind of elevation via sg-uid bits means to weaken it. (If anything, one could eg. put it in the wheel group and suid it, but this will still allow wheel users to run a complete UID0 process and take the feature from users…)
https://github.com/grapheneX/grapheneX/ … -517210388 seems to force you to run a single user OS? Why would one block /etc/profile reading??
This is all rather weird, is there any indication that the author (singular?) has even a remote idea what he's doing?
Did you ask him for his reasoning on this … this … whatever this is?
]]>owner root would execute the command with the effective group ID of root so in most cases would not have any effect.
group root executes with the effective group ID of root so in most cases would not have any effect.
other can not execute the file.
If the setgid is not having any effect could it be dropped leaving the privileges at 750?
If my understanding is correct this would seem an odd command to execute to harden an executable such as w or who.
[1] https://bbs.archlinux.org/viewtopic.php?id=247974
[2] https://github.com/grapheneX/grapheneX/issues/81
[3] https://github.com/grapheneX/grapheneX/ … .json#L255
Edit:
Consensus is never to use 02750