Linux folks, what do you think of https://github.com/osquery/osquery/pull/6180/files

I don’t understand the purpose of the PR given that

osqueryd

runs as root

You may want to run extensions as non-root. Right now that is not possible due to permissions on the socket. It is a good thing the socket permissions are restrictive because access allows you to query any data as root.

Ah I didn’t realize the extensions could run under a different user/group. In that case, the PR is fine from my view. Overall, I am more interested in running the whole thing as non-root and using Linux capabilities to restrict the access (https://github.com/osquery/osquery/issues/6121)

My initial thought is that it seems fine? If we're already trusting posix auth, group writable is okay

imo, not a bad idea.