Note: I've crossposted both the debian-user and zope lists because this issue relates to both. Do the Right Thing with replies (and I won't complain if I happen to get a duplicate copy one way or another).
I am using Debian GNU/Linux (x86) with kernel 2.4.18, libc6 2.2.5-6, and zope 2.5.1-1. After zope (z2.py) calls setuid() and setgid() to drop its root privileges the following odd results are seen : o it properly switches to www-data:www-data o it retains the privilege of all the secondary groups root had (root and lpadmin) o it does NOT obtain the privilege of any of www-data's secondary groups This can be observed by adding the lines print "before" os.system( "groups" ) print "after" os.system( "groups" ) around the code where the setuid/setgid calls are and watching the terminal that zope is started from. The effect this had was to make roundup not work. I've temporarily worked around this by adding root to the 'rsupport' group (which www-data is already in). Does anyone know why zope would display the above misbehavior with respect to group membership? I think it is a bug somewhere, but I don't know where (or how to solve it). TIA! -D -- "...the word HACK is used as a verb to indicate a massive amount of nerd-like effort." -Harley Hahn, A Student's Guide to Unix GnuPG key : http://dman.ddts.net/~dman/public_key.gpg
pgpNMsZ5jmtwM.pgp
Description: PGP signature