Changing away from 'nogroup' would be good, that's for NFS use (similar to 'nobody').
Using ACLs to grant the _apt user permission to work with specific files sounds good to me. Perhaps not all editors know to maintain those when writing new files with the same name, or perhaps know to fall back to non-atomic file update tools in order to maintain those... But it'd be ideal from apt's perspective, and easier than trying to manage supplementary groups in sandboxed processes.

Thanks

https://bugs.launchpad.net/bugs/1668944
Title: The _apt user ignores group membership.
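
The concern above about editors that replace a file atomically, shown as an added example (not from the bug thread or from apt): on Linux a POSIX access ACL is stored in the inode's `system.posix_acl_access` extended attribute, so a write-temp-and-rename save produces a new inode without it unless the saver copies it across. The function names here are hypothetical and chosen for illustration.

```python
import errno
import os
import tempfile

ACL_XATTR = "system.posix_acl_access"  # Linux xattr holding a file's POSIX access ACL


def read_acl(path):
    """Return the raw ACL xattr, or None when the file has no ACL or the fs lacks support."""
    try:
        return os.getxattr(path, ACL_XATTR)
    except OSError as e:
        if e.errno in (errno.ENODATA, errno.ENOTSUP):
            return None
        raise


def save_in_place(path, data):
    """Non-atomic update: truncates and rewrites the same inode, so mode and ACL stay."""
    with open(path, "wb") as f:
        f.write(data)


def save_atomic(path, data, keep_metadata=True):
    """Write a temp file and rename it over path; the result is always a new inode.

    keep_metadata=False models a saver that does not know about modes or ACLs.
    """
    mode = os.stat(path).st_mode & 0o7777
    acl = read_acl(path) if keep_metadata else None
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        if keep_metadata:
            os.chmod(tmp, mode)                   # mkstemp always creates 0600
            if acl is not None:
                os.setxattr(tmp, ACL_XATTR, acl)  # carry the ACL to the new inode
        os.replace(tmp, path)                     # atomic within one filesystem
    except BaseException:
        os.unlink(tmp)
        raise
```

Comparing `getfacl` output for a file before and after an editor saves it shows which of the two behaviours that editor has.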