Thanks Jerome, Johan, > it is called for you by PAM when you log in, AFAIK, this is > why it works from your command line
That was the missing bit. After following some blind alleys (pam-python seems to be only available for py 1.5 and os.setgroups() is only available in py 2.2) the solution was to run in /etc/init.d/zope 'su www-data -c 'zope-z2 ARGS'' instead of just 'zope-z2 ARGS' so that PAM is called by su. I didn't even have to adjust the zope-z2 script because the os.setuid() is not called when it is not run as root. Data.fs.lock and some other stuff in /var/lib/zope/var is now owned by www-data instead of root, so it is not necessarily best practice but works. Have a nice weekend, -- Holger Blasum _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )