> If I create a separate group for each program I want to allow, is there any additional risk induced by the use of the setgid?
Yes, it introduces a risk. You are providing a program with an additional gid. The program has not been coded to be aware of that gid. Two potentially different filesystem views now exist within the program, depending on the g=rwx bits of directories and files in the tree. The program is no longer operating in a world-view it was designed for. setuid and setgid aren't things one enables on unprepared code.

