> This is useful for executing commands from cron or whatever, and
> controlling the group explicitly.  The code is already committed,
> but disabled. I am thinking of enabling it, but I want to make sure
> first that people don't object to it, and that it does not introduce
> any security issues.

Sounds good to me; the only case I'd worry about is non-root su'ing to
another user and specifying a group neither the original user nor the
desired user is in (e.g `su - nobody:kmem`)