Implement denylists

assets/debian/config.toml

@@ -22,3 +22,6 @@ password_file = "/run/credentials/muscl.service/muscl_mysql_password"
 
 # Database connection timeout in seconds
 timeout = 2
+
+[authorization]
+group_denylist_file = "/etc/muscl/group_denylist.txt"

assets/debian/group_denylist.txt

@@ -0,0 +1,58 @@
+# These are the default system groups on debian.
+# You can alos add groups by gid by prefixing the line with 'gid:'.
+
+group:adm
+group:audio
+group:avahi
+group:backup
+group:bin
+group:cdrom
+group:crontab
+group:daemon
+group:dialout
+group:dip
+group:disk
+group:fax
+group:floppy
+group:games
+group:gnats
+group:input
+group:irc
+group:kmem
+group:kvm
+group:list
+group:lp
+group:mail
+group:man
+group:mlocate
+group:netdev
+group:news
+group:nogroup
+group:openldap
+group:operator
+group:plocate
+group:plugdev
+group:polkitd
+group:postgres
+group:proxy
+group:render
+group:root
+group:sasl
+group:shadow
+group:src
+group:staff
+group:sudo
+group:sync
+group:sys
+group:systemd-journal
+group:systemd-network
+group:systemd-resolve
+group:systemd-timesync
+group:tape
+group:tty
+group:users
+group:utmp
+group:uucp
+group:video
+group:voice
+group:www-data