
setuid, setgid, secondary groups and inheritance



Note: I've crossposted both the debian-user and zope lists because
this issue relates to both.  Do the Right Thing with replies (and I
won't complain if I happen to get a duplicate copy one way or
another).


I am using Debian GNU/Linux (x86) with kernel 2.4.18, libc6 2.2.5-6,
and zope 2.5.1-1. 

After zope (z2.py) calls setuid() and setgid() to drop its root
privileges, the following odd results are seen:
    o   it properly switches to www-data:www-data

    o   it retains the privilege of all the secondary groups root had
        (root and lpadmin)

    o   it does NOT obtain the privilege of any of www-data's
        secondary groups

This can be observed by adding the lines
    print "before"
    os.system( "groups" )

    print "after"
    os.system( "groups" )
around the code where the setuid/setgid calls are and watching the
terminal that zope is started from.

The effect this had was to make roundup not work.  I've temporarily
worked around this by adding root to the 'rsupport' group (which
www-data is already in).


Does anyone know why zope would display the above misbehavior with
respect to group membership?  I think it is a bug somewhere, but I
don't know where (or how to solve it).

TIA!
-D

-- 

"...the word HACK is used as a verb to indicate a massive amount
of nerd-like effort."  -Harley Hahn, A Student's Guide to Unix
 
GnuPG key : http://dman.ddts.net/~dman/public_key.gpg
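
Added example, not part of the original message and not Zope's code: setuid() and setgid() leave the supplementary group list untouched, so a privilege drop also has to replace that list (here with os.initgroups()) before the uid changes. The gids and the GROUP_DB table are constructed sample data modelled on the groups named in the post, and drop_privileges(), expected_gids() and audit_groups() are hypothetical helper names.

```python
import os
import pwd


def expected_gids(user, primary_gid, group_db):
    """Primary gid plus every group that lists `user` as a member."""
    return {primary_gid} | {gid for _name, gid, members in group_db if user in members}


def audit_groups(actual_gids, user, primary_gid, group_db):
    """Compare the groups a process holds against what `user` should hold."""
    want = expected_gids(user, primary_gid, group_db)
    have = set(actual_gids)
    return {"leftover": sorted(have - want), "missing": sorted(want - have)}


def drop_privileges(user):
    """Drop from root to `user`, replacing the supplementary group list."""
    pw = pwd.getpwnam(user)
    os.initgroups(user, pw.pw_gid)  # rebuilds the list from the group database; needs root
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)            # last: after this no group change is possible
    # Fail closed if root's uid can still be regained.
    try:
        os.setuid(0)
    except OSError:
        return sorted(set(os.getgroups()) | {os.getgid()})
    raise RuntimeError("privilege drop failed: setuid(0) still succeeds")


# Constructed sample data modelled on the post (the gids are made up).
GROUP_DB = [
    ("root", 0, []),
    ("lpadmin", 108, ["root"]),
    ("www-data", 33, []),
    ("rsupport", 1001, ["www-data"]),
]
# What `groups` reflects after setgid(33)/setuid(33) alone: egid 33 plus root's list.
AFTER_SETUID_ONLY = [33, 0, 108]
# What it reflects when initgroups() ran before the uid change.
AFTER_INITGROUPS = [33, 1001]

if __name__ == "__main__":
    print(audit_groups(AFTER_SETUID_ONLY, "www-data", 33, GROUP_DB))
    print(audit_groups(AFTER_INITGROUPS, "www-data", 33, GROUP_DB))
```

The audit on the first sample reports both symptoms from the post: root's groups left over and www-data's secondary group missing.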
