Open
Description
It's very easy for someone that doesn't really understand the details of how to drop privileges (e.g. me) to use the "user", "group", and "extra_groups" args to subprocess.Popen()
incorrectly ... or at least not in a way that gets the results they expect. Since there are potentially many reasonable patterns for using these It might be at least worth documenting that just setting "user" isn't a replacement for running a command under su
or runuser
.