Run programs with Least Privilege Access.

Many programs don't need to run as root, but still need more access than the average user. This is where the Least Privilege Access idea comes in. For example, the LP (Line Printer) commands need access beyond that of the average user (to reach the printer), but only a small amount of the code actually needs to run as root. So the smart thing to do is to create a user lp (with /bin/true as the shell) and a group lp, let any user run any of the lp commands, and make all of the lp commands owned by the lp user and group, except the code that really needs root. That is most likely the lp daemon (lpd), which is usually started when the system boots. Then make sure that lp can still do its job (managing the printers and the queues, and still sending reports to the person in charge of the printers). If the lp user is compromised, the attacker has really not taken a step forward toward gaining root on your system.

Now most programs that are SUID root ask that you create a user and group for the program. However, many people get this wrong by putting most, if not all, of their SUID programs under the SAME user and group. This is bad! Really bad! What you need to do is give every program that starts as root and then forks off as a lower-privilege user its own group and its own user account. Set that account's shell to /bin/true in /etc/passwd, and set its home directory to where the program's files live (in this case you should, or would have to, put the tools in their own directories).
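The following audit script is an added example, not part of the original text. It checks a constructed inventory of privileged programs for the two mistakes described above: unrelated services sharing one service account and group, and a service account that still has a usable login shell. The inventory lines and passwd entries are sample data; on a real host they would come from the SUID binaries found on the system and from /etc/passwd.

```shell
#!/bin/sh
# Added example (not from the original text): audit privileged programs for
# shared service accounts and for service accounts with a real login shell.

# Constructed sample inventory: path service owner group, one program per line.
# lpd and lpr belong to the same service (lp), so sharing the lp account is fine;
# ftpd and fingerd are different services that both hide behind "daemon".
PROGRAMS='/usr/sbin/lpd lp lp lp
/usr/bin/lpr lp lp lp
/usr/sbin/httpd www www www
/usr/sbin/ftpd ftp daemon daemon
/usr/sbin/fingerd finger daemon daemon'

# Constructed sample /etc/passwd entries for the service accounts above.
PASSWD='lp:x:7:7:Line printer:/var/spool/lpd:/bin/true
www:x:80:80:Web server:/var/www:/bin/true
daemon:x:2:2:Generic daemon:/usr/sbin:/bin/sh'

# Print each user:group pair used by more than one distinct service, with the
# number of services sharing it.
shared_accounts() {
    printf '%s\n' "$PROGRAMS" | awk '
        { key = $3 ":" $4; if (!seen[key, $2]++) n[key]++ }
        END { for (k in n) if (n[k] > 1) print k, n[k] }' | sort
}

# Print each service account whose shell is not /bin/true (i.e. can log in).
login_capable_accounts() {
    printf '%s\n' "$PASSWD" | awk -F: '$7 != "/bin/true" { print $1, $7 }'
}

# Report findings; return 0 when the inventory is clean, 1 otherwise.
audit_inventory() {
    findings=0
    shared="$(shared_accounts)"
    if [ -n "$shared" ]; then
        echo "service accounts shared by unrelated programs (user:group count):"
        echo "$shared"; findings=1
    fi
    shells="$(login_capable_accounts)"
    if [ -n "$shells" ]; then
        echo "service accounts with a usable shell (user shell):"
        echo "$shells"; findings=1
    fi
    return $findings
}

if audit_inventory; then echo "inventory clean"; else echo "inventory needs attention"; fi
```

On the sample data the audit reports that ftp and finger share the daemon account and that daemon still has /bin/sh as its shell, while the lp and www accounts pass.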