This now logs me with the same group as the user, however this user is a member of other groups as well. I tried adding multiple --group entries, but it does not work.
Is it possible to achieve this? That is, if the user is a member of N groups then groups command should give me N results.
When you run incus exec, you run a command in the instance. That command could be an interactive shell. I think that what you are looking for, is a login shell.
I am not sure how to achieve that with just incus exec parameters. We have been doing this using features of the instance to launch such a login shell.
Using su -l
$ incus exec mydebian -- su -l debian
debian@mydebian:~$
incus shell is an internal alias in Incus. Yes, Incus has command aliases with incus alias and one of them is internal, built-in into the incus client. It does a su -l as above. The alias does not specify a user account, therefore you su -l to root.
You would select which command is your preferred command to get a shell into an Incus instance, and then write a incus alias that will let you get a shell without supplying all the parameters.
liblxc’s attach logic doesn’t provide a way to seed the setgroups list, so additional groups cannot be specified.
As @simos mentioned, your best bet is to instead use something like su inside of the container to go through the container’s PAM stack and apply the groups listed in /etc/groups for your user