Artix Linux Forum

General Category => General Discussion => Topic started by: JHendry on 11 July 2023, 13:42:05

Title: Groups, root, security
Post by: JHendry on 11 July 2023, 13:42:05
  I'm considering how to configure my system to scrap a lot of groups I don't really understand the need for like floppy, tape, disk, mail, etc. Probably most users should be free to use most facilities if they're allowed to log in. Perhaps broader groups like admin, staff, other would be ok. If I set umask to 002 and root's default group to admin then no logins as root should be necessary, collaboration and administration would be easy but there might be security trade-offs. I tried running cups as daemon:server (custom group) and it printed ok without cupshelper.

  I might change some Pkgfiles to not create these users and groups or specify others.  With all the owner and group configuration in /var and /run I'm a bit hesitant.
Title: Re: Groups, root, security
Post by: nous on 11 July 2023, 22:52:44
While it's feasible, I think that removing system groups (even rarely if ever used ones) for the reasons you stated won't really make a difference. If you do proceed, don't touch any groups you see under /dev.
Title: Re: Groups, root, security
Post by: JHendry on 12 July 2023, 05:57:41
Quote from: nous
While it's feasible, I think that removing system groups (even rarely if ever used ones) for the reasons you stated won't really make a difference. If you do proceed, don't touch any groups you see under /dev.

  Not quite sure what you mean, nous. You mean groups named for devices like floppy or lp? I don't need such fine-grained access control. Just a hobby system and don't mind who uses printer, scanner, etc. Combine a few groups, perhaps...
Title: Re: Groups, root, security
Post by: lotuskip on 12 July 2023, 08:26:49
I think nous means
Code:
ls -l /dev | cut -d ' ' -f 4 | sort | uniq
Title: Re: Groups, root, security
Post by: JHendry on 12 July 2023, 12:32:33
Quote from: lotuskip
I think nous means
Code:
ls -l /dev | cut -d ' ' -f 4 | sort | uniq

  I got a blank line, root, and tss, lotuskip, apropos of which can you tell me what tss and tss-tpm are?
Title: Re: Groups, root, security
Post by: lotuskip on 12 July 2023, 12:49:24
I can't exactly, but it seems to have something to do with TPM, hardware cryptography; see https://wiki.archlinux.org/title/Trusted_Platform_Module

You sure got few groups there. I get disk, kmem, kvm, rfkill, root, tss, tty, uucp, video. And I think my system is pretty barebones...
Title: Re: Groups, root, security
Post by: JHendry on 13 July 2023, 03:56:29
  If I do cat /etc/group I have about 50 groups. Don't know why they should be listed in /dev, though. I see tpm2-tss is a crypto package "required" by libsecret. I find Red Hat a bit imperial sometimes.
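
Added example, not part of any post in this thread: a sturdier form of the /dev listing discussed above, which recurses into subdirectories, is not thrown off by the `total` header or by column padding in `ls -l`, and then marks every entry of the group file as owning something under /dev or not. The function names `dev_gids` and `classify_groups` are made up for this example.

```shell
#!/bin/sh
# Added example: which groups from the group file own entries under /dev?
# Function names are hypothetical; only POSIX find, ls, awk, sort and tr are used.

# Print the numeric GID of every non-symlink entry under DIR, one per line.
# "ls -ldn" emits one line per entry with no "total" header, and awk splits
# on runs of blanks, so padded columns cannot shift the group field.
dev_gids() {
    find "$1" ! -type l -exec ls -ldn {} + 2>/dev/null |
        awk '{ print $4 }' | sort -un
}

# Label each line of the group file (default /etc/group) as
# "in-use NAME GID" or "unused NAME GID" relative to what lives under DIR.
classify_groups() {
    dir=$1
    groupfile=${2:-/etc/group}
    gids=$(dev_gids "$dir" | tr '\n' ' ')
    awk -F: -v gids="$gids" '
        BEGIN {
            n = split(gids, g, " ")
            for (i = 1; i <= n; i++) used[g[i]] = 1
        }
        # Skip comments and malformed lines; field 3 is the GID.
        /^[^#]/ && NF >= 3 {
            print (($3 in used) ? "in-use" : "unused"), $1, $3
        }
    ' "$groupfile"
}

# Run as: sh this-script /dev    (optionally followed by a group file path)
if [ $# -gt 0 ]; then
    classify_groups "$@"
fi
```

An "unused" result only reflects the nodes present when the script runs: udev assigns groups when hardware appears, so a group with no node right now can still be named in a udev rule.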