New comment by sgn on void-packages repository

https://github.com/void-linux/void-packages/pull/24754#issuecomment-689905068

Comment:

> As a totally contrived example, suppose somebody puts an invalid value in `$system_groups`, say `wheel:x:123`. This will be split into a group `wheel:x` and a gid `123`.

Minor correction: The current code will split into:

```sh
_grname=wheel:x
_gid=x:123
```

> Currently, when `getent group wheel:x` is run, the output will be empty and the return value nonzero because the group does not (and can never) exist. The trigger will try to create the group, but `groupadd` will fail because `wheel:x` is not a valid name, causing the trigger to complain during install.
>
> The `grep` replacement will instead test a match on `wheel:x:` in `etc/group`, which (in this case) should match the existing group definition for `wheel`, meaning the trigger will not report an error. (It will also not report that a group was created, but that's much harder to notice than a failure message.)

I believe we can do the sanity check for argument by:

```sh
case "$1" in
*:*:*) echo "Invalid group specification" >&2; exit 1;;
esac
```

> In the end, it seems like the system state would be the same either way, because either a valid group is created or already exists; an invalid group fails to match and the trigger tries unsuccessfully to create it; or an invalid group falsely matches and the trigger doesn't try to run a `groupadd` command that would have failed anyway.
>
> If we care about the failure always appearing when a group should be created but isn't, you might have to `cut` the fields of the files or pull `awk` into the picture.
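
Added example, not part of the comment above or of the void-packages code: it reproduces the split discussed for `wheel:x:123`, applies the proposed `*:*:*` check, and compares a line-prefix `grep` with an exact first-field comparison in `awk`. The function names, the `${1%:*}` / `${1#*:}` expansions and the sample group file are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example; function names and the sample group file are hypothetical.

# Split "name[:gid]" with shortest-match expansions (assumed to mirror the
# split discussed above). Prints "name|gid".
split_group_spec() {
    _grname="${1%:*}"
    _gid="${1#*:}"
    # No colon at all: both expansions return the input, so there is no gid.
    if [ "$_grname" = "$_gid" ]; then _gid=""; fi
    printf '%s|%s\n' "$_grname" "$_gid"
}

# The sanity check proposed in the comment, as a predicate.
valid_group_spec() {
    case "$1" in
        *:*:*) return 1 ;;
    esac
    return 0
}

# Prefix match on the raw line: "wheel:x" also matches "wheel:x:4:root".
group_exists_grep() {
    grep -q "^$1:" "$2"
}

# Exact comparison against field 1 only (the cut/awk approach).
group_exists_field() {
    awk -F: -v name="$1" '$1 == name { found = 1 } END { exit !found }' "$2"
}

# Constructed sample group file, removed on exit.
SAMPLE_GROUP=$(mktemp)
trap 'rm -f "$SAMPLE_GROUP"' EXIT
printf '%s\n' 'root:x:0:' 'wheel:x:4:root' 'audio:x:12:' > "$SAMPLE_GROUP"

for spec in wheel audio:12 wheel:x:123; do
    name=$(split_group_spec "$spec"); name=${name%%|*}
    valid_group_spec "$spec" && v=valid || v=invalid
    group_exists_grep "$name" "$SAMPLE_GROUP" && g=match || g=miss
    group_exists_field "$name" "$SAMPLE_GROUP" && f=match || f=miss
    printf '%-12s %-8s grep=%-5s field=%s\n' "$spec" "$v" "$g" "$f"
done
```

For the malformed spec the prefix `grep` reports a match while the field comparison does not, so only the latter leaves the invalid name visible to whatever runs next.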