The default configuration files for app-backup/bacula (2.2.6) install configuration files that cause bacula to run as root!  Bacula is a network backup monitor and running any network service as root is a serious security hole and should only be done knowing the risks and taking appropriate steps to protect the system.  

I imagine the reason the package maintainer decided to do this was because bacula is a backup tool and is expected to be able to read superuser privileged files.  This is perfectly fine, but should be something the system administrator  chooses to do and does with the knowledge of what risks he is taking.  The bacula package SHOULD NEVER make this assumption for an admin.

The ebuild should create a "bacula" user along with the bacula group and default to running as this user.  The system administrator can then decide how to proceed without compromising security from the start.

Reproducible: Always

Steps to Reproduce:

Actual Results:  
Bacula runs as root!