Forum OpenACS Q&A: Response to unix user permissions: what is aolserver smoking?

nsd is doing things just exactly as you tell it to do.  That is standard Unix daemon behaviour, BTW: if I run the PostgreSQL postmaster, for instance, as user postgres group database, and try to access a file owned by lowen.postgres, it will fail, as the user.group pair doesn't match in either respect.  Either start nsd with -g nsadmin or change the group ownership of the file in question to web.

When you specify the group to run, why should nsd access with any other group id?  How does it know that you don't want to restrict the group for security's sake?

This is standard Unix user.group behaviour.  Nothing new.