> Apparently everyone re-implementing daemontools does something like > this. So that brings me back to my original question: > is there consensus that the historical behaviour is a bug?
no, this is no bug. > Or are there valid use cases? most of the time one does not want the subprocess to run under additional GIDs, so that is a sane default behaviour. obviously there should be an option that makes "chpst" add all supplementary GIDs the UID belongs to, though (when this is desired by the user). would not be too much work to add such a commandline option to it.
