Least privilege runtime

That's the problem, scripts can't be marked as suid at all (they're interpreted by a shell/ runtime, which would have to be suid instead of the script - but marking the whole shell as suid would be a fatal security issue), only compiled binaries can be.

1 Like

Not even Linux distros with dozens of paid developers do this, they just dump all processes with same user and all process that can't be run as non-root user are run as root.

OpenWrt has core packages covered, and a good amount of packages from the community feed are also covered. That's already better than the average Linux distro.