Changes are made to files in /etc without allowing the user to accept or reject them after the emerge is complete. acct-user/mythtv modifies the existing user if that user is not logged in. No ._cfg0000_filename is installed. Reproducible: Always Steps to Reproduce: 1. Create a user mythtv with non default UID 2. Add some groups to this user 3. emerge acct-user/mythtv Actual Results: The user is modified to the default UID and groups Expected Results: The mythtv user is not changed. ._cfg0000_<filename> files installed so etc-update can be used to accept or reject updates to files in /etc This is a hard problem for the variety of operating systems supported by gentoo. Workaround: Add an eclass variable [i.e. ACCT_USER_NO_MODIFY] that will create the user and groups if the user is missing, otherwise it does nothing or maybe prints an information message listing the default UID and groups. Alternative workaround: ebuild has a USE flag to control dependency on acct-user/<...>. ebuild has a way to test for an existing user<...> so acct-user/<...> can be called on new installations one time even when the USE flag is would otherwise prevent this.
CONFIG_PROTECT protects installed files, not implicit effects of NSS calls. All user and group management is done via system tools that may or may not use files in /etc, /var or any local or remote location. I'm going to repeat myself: if you need special behavior, use a local overlay. That's how it's been designed and that's how it works.
