Comment 8 for bug 1743718

Christian Ehrhardt  (paelzer) wrote :

Hmm,
not sure why my mailer decided this isn't important - it is!
Lost a few days on it due to not being visible yet - I beg all your pardon for this.
/slap my mail filters

This essentially came due to:
1. myself wanting to bring the Delta we had (by Serge) to run as libvirt-dnsmasq to Debian in [1]
2. out of the discussion in said bug it was decided to be a security risk. I don't have good logs to share (IRC/Mails/Hangout-Talks), but the TL;DR was "do not run it as that user"
3. out of that discussion the change causing this happened in [2]

I think I want to re-fix that at least for bionic to bring back Serge's changes.
But in a modified way so they do not trigger the security issues found back then.
They'll probably get their own group at least ...

I also need to look more into the issue that arises due to it for you by reading more into the comments above...

@Seth - any recommendation on which user would be best for security isolation? Is its own user (but also with its own group this time) the best we can do?

[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862340
[2]: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1690729