How about an idea like this:
- create another non-root and non-wheel user on the machine,
- as root - change the ownership of the module files TO the designated user that is in the same group as the original (so that the permissions can still be rwxr-xr-x or even rwxr-x— maybe?)
- the integrity check while encountering such files, owned by the designated user (e.g. also member of an ‘allowed_editors’ group), can maybe keep track of the changes in the checksum and show/send an alert when this changes, without affecting the ‘official’ module integrity checking online upon updates; (a single permanently dismissable alert on status page ? A line of text in Module Admin showing ‘this module has been edited locally last on $date?’ with a button ‘revert back to online version’ ?)
- mid-step: when ‘checking for updates’ and checking the integrity, display them a choice: we noticed this module has file(s) owned by $allowed_editor, last changed on $date, do you want to keep or revert to online version?
(- advanced: do a 3 way merge
) - this should have the effect, that if attacker becomes www-data, they can read but can’t write to the changed file(s), AND an owner who wants to give a third party HE trusts, the right to edit things on HIS machine, will get a notice every time they do that.
- bottom line is: this will not bypass the integrity check, will not disable it completely, but make it really flexible for those who know what they are doing (and still want to be safe too)
How’s that sound?
(+xrobeau has suggested changing to ownership by root originally on one of above posts, but I can see where that goes with people who DON’T want to give root to their allowed_editors…)