README_LDCONFIG

Here's how I set things up:

User "ldconfig" is uid 9998 gid 9998
User "ldconfig" is a member of "install"

The program /sbin/ldconfig is setuid(9998) as shown:

$ ls -l /sbin/ldconfig
-rwsr-xr-- 1 ldconfig install 2636269 2007-02-12 00:04 /sbin/ldconfig

Of course /etc is an "install" directory:

$ ls -ld /etc
drwxrwxr-t 20 root install 1688 2007-02-20 23:33 /etc


And obviously from the permissions of ldconfig, any member of the
"install" group may run ldconfig:

package lesstif:/usr/src/lesstif/lesstif-0.94.4> ldconfig
package lesstif:/usr/src/lesstif/lesstif-0.94.4> ls -ltr /etc/ld.so.cache
-rw-r--r-- 1 ldconfig lesstif 21492 2007-02-20 23:33 /etc/ld.so.cache
package lesstif:/usr/src/lesstif/lesstif-0.94.4>

So an odd side-effect (or bonus) is that we can see who last updated the
cache by looking at /etc/ld.so.cache ... in this case LessTif was the
last to run ldconfig.