28.01.2025 17:20, Ondrej Mosnacek пишет:
That could work, but the semantics become a bit weird, actually: When you set both uid and gid, one of them needs to match. If you unset uid/gid, you get a stricter condition (gid/uid must match). And if you then also unset the other one, you suddenly get a less strict condition than the first two - nothing has to match.
Maybe this means that unsetting with -1 is something that shouldn't be done and/or allowed? In this case you only stricten. Modulo the inability to set both user/group at the same time, so you still get "less strict" when setting group after user already set...
