python-provy / provy

provy is a provisioning system in python.
http://docs.provy.me
MIT License

Serious error in ensure_user_groups (in debian) #141

Open jbzdak opened 10 years ago

jbzdak commented 10 years ago

There is a serious error in the mentioned method.

Here is the implementation (at least the most relevant part):

    for user_group in groups:
        self.execute('usermod -G %s %s' % (user_group, username), stdout=False, sudo=True)

If I call ensure_user_groups('foo', ['group1', 'group2']), the following statements would be called:

    usermod -G group1 foo
    usermod -G group2 foo

While man usermod states:

    -G, --groups GROUP1[,GROUP2,...[,GROUPN]]]
        ...
        If the user is currently a member of a group which is not listed, the user will be removed from the group. This behaviour can be changed via the -a option, which appends the user to the current supplementary group list.

So this would result in foo being a member of group1, as usermod -G group2 foo would remove foo from group1.
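The following is an added example, not provy's code and not part of the original report: it models the `-G` and `-a` semantics from the man page excerpt quoted above on an in-memory membership table, and compares the per-group loop with a single `usermod -a -G` call. All function names and the starting membership (`sudo`) are assumptions made for illustration.

```python
import shlex

def looped_commands(username, groups):
    """Commands produced by the per-group loop quoted in the issue."""
    return ['usermod -G %s %s' % (g, username) for g in groups]

def single_command(username, groups, append=True):
    """One usermod call listing every group; -a appends instead of replacing."""
    for g in groups:
        # A comma or space inside a name would silently change the group list.
        if not g or ',' in g or any(ch.isspace() for ch in g):
            raise ValueError('unsafe group name: %r' % (g,))
    flag = '-a -G' if append else '-G'
    return 'usermod %s %s %s' % (
        flag, shlex.quote(','.join(groups)), shlex.quote(username))

def apply_usermod(membership, command):
    """Apply one usermod command to a dict of user -> set of supplementary groups."""
    args = shlex.split(command)
    if args[0] != 'usermod' or '-G' not in args:
        raise ValueError('unsupported command: %r' % (command,))
    listed = set(args[args.index('-G') + 1].split(','))
    user = args[-1]
    if '-a' in args:
        membership[user] = membership.get(user, set()) | listed
    else:
        membership[user] = listed  # groups not listed are dropped
    return membership

def final_groups(commands, user, initial=()):
    """Run the commands in order and return the user's resulting group set."""
    membership = {user: set(initial)}
    for command in commands:
        apply_usermod(membership, command)
    return membership[user]

if __name__ == '__main__':
    start = ['sudo']  # constructed starting membership for the demonstration
    loop = looped_commands('foo', ['group1', 'group2'])
    print(loop, sorted(final_groups(loop, 'foo', start)))
    one = single_command('foo', ['group1', 'group2'])
    print(one, sorted(final_groups([one], 'foo', start)))
```

In this model the loop leaves the user only in the last group listed and drops any earlier membership, which is how an unrelated group such as an administrative one can be lost during provisioning.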