Add option `--group-id` to specify numerical group id

[davidjsherman]

trafficstars

Add an option --group-id to specify numerical group id separately from the numerical user id. If a group id is not specified, maintain the legacy behavior of using the numerical user id for the group.

Images created with --group-id=0 follow Openshift best practices for container images, see discussion. Such images will work in the default unprivileged restricted security context constraint on Openshift and OKD Kubernetes platforms, where a non-root arbitrary user id is allocated on the fly to containers.

The new test test_user_groups in tests/unit/test_users.py verifies the group id and checks file ownership. The existing test test_users now also tests for the legacy behavior. I admit that these tests are very similar and could perhaps be combined.

[welcome[bot]]

Thanks for submitting your first pull request! You are awesome! :hugs:
If you haven't done so already, check out Jupyter's Code of Conduct. Also, please make sure you followed the pull request template, as this will help us review your contribution more quickly. You can meet the other Jovyans by joining our Discourse forum. There is also a intro thread there where you can stop by and say Hi! :wave:
Welcome to the Jupyter community! :tada:

[davidjsherman]

I can do that. Do you by chance have a general idea of the tests that need to be made? I can verify that the uids and gids are as specified, but it would be better to check functional dependencies, if there are any.

[yuvipanda]

@davidjsherman not sure of the specifics, but perhaps look at the paths that are being chowned, and see what tests already cover them? Then, a gid variant can be added there.