User/group configuration for multi user environment

[antimatter84]

I have written a small graphical tool that saves scanned documents in the users home directory. 3 people use this computer / scanner. How should I configure INSANED_USER / INSANED_GROUP ?

[abusenius]

Insaned will run event scripts using given user and group and therefore create image files owned by this user and group. Things to consider:

1. INSANED_USER should be able to use the scanner (in some distros it could e.g. mean he should be in "scanner" group)
2. Some event scripts (file, scan) use $HOME as the default directory to put images into, $HOME will obviously be the home directory of INSANED_USER
3. INSANED_USER should have the permissions to write into the output directory you choose to put the scanned files into
4. All 3 users should have permissions to read (and possibly write if you need to) files owned by INSANED_USER and INSANED_GROUP (e.g. they could be added into INSANED_GROUP or you could use some common group like "users")
5. You could in principle also keep root/root if created files are world-readable (depends on system configuration)
6. If you give somebody permissions to edit event scripts, he will basically be able to run arbitrary code with the permissions of INSANED_USER, which might be a security risk