[Zope] supplemental group ids (Linux)
Wed, 06 Sep 2000 19:05:06 -0600
Kip Rugger wrote:
> >OK, something is not quite right here.
> >On my unmodified zope, it is properly 'sandboxed'. Perhaps it is the use of
> >the explicit '-u nobody'? I don't do that on
> >my system, which causes Zope to run as nobody implicitly.
> >(When started as root, unless told otherwise, zope will switch to nobody).
> >Try running without the 'u nobody switch, and see what happens. Just out of
> No difference.
> I think the point is that Zope does not make any initgroups(3) calls;
> this will be a problem if the particular system needs it.
> I have two such systems:
> Linux 2.2.16 + glibc-2.1.2
> NetBSD 1.4
> Under this hypothesis, my question is how could _your_ system work?
> Why is it that you don't have the original primary gid lingering in
> the supplemental list?
Not sure. Here is my setup:
heavilly modified Redhat 6.2 base.
Perhaps it is the kernel? I also have a 2.2.16 (2.1.3 glibc) kernelled machine which exhibits the behavior you see on
I can try it on a 2.2.4test6 kernel too ...
Do not meddle in the affairs of sysadmins, for they are easy to annoy,
and have the root password.