> There's a significant difference between changing group membership for > a system user versus a user account that is used interactively. > > I don't think the handbook advises people to mess with system accounts.
>From my experience this is quite common for web-stuff and similar things, where you suddenly want to be daemon1 in the group of daemon2 so it can read it's files. How about something like an EXTRA_GROUPS env var that one can set via profile? That could be set per package, acct-user templates could change that at merge time, or if USE=exact-groups is set even complain if the new and old group setting does not match. Or the other way round: always fail if the group membership of the given user is not exactly what the ebuild states + EXTRA_GROUPS, and let the user pass in USE=force-group for that ebuild to fix things up. Eike
Description: This is a digitally signed message part.