Comment # 6 on bug 953543 from Dr. Werner Fink

(In reply to Bernhard Wiedemann from comment #4)

I'm aware, nevertheless: what is *wrong* with this?  From systemd-224/README

USERS AND GROUPS:
        Default udev rules use the following standard system group
        names, which need to be resolvable by getgrnam() at any time,
        even in the very early boot stages, where no other databases
        and network are available:

        audio, cdrom, dialout, disk, input, kmem, lp, tape, tty, video

        During runtime, the journal daemon requires the
        "systemd-journal" system group to exist. New journal files will
        be readable by this group (but not writable), which may be used
        to grant specific users read access. In addition, system
        groups "wheel" and "adm" will be given read-only access to
        journal files using systemd-tmpfiles.service.

        The journal gateway daemon requires the
        "systemd-journal-gateway" system user and group to
        exist. During execution this network facing service will drop
        privileges and assume this uid/gid for security reasons.

        Similarly, the NTP daemon requires the "systemd-timesync" system
        user and group to exist.

        Similarly, the network management daemon requires the
        "systemd-network" system user and group to exist.

        Similarly, the name resolution daemon requires the
        "systemd-resolve" system user and group to exist.

        Similarly, the kdbus dbus1 proxy daemon requires the
        "systemd-bus-proxy" system user and group to exist.