I have built a special purpose interface into CVS (none of the existing Zope products had the right capabilities) and have gotten it all working but for the commit. The commit dies on a permissions problem. The solution, according to the cvs documentation, is to have all users, including zope, be members of a 'cvs' group and set the umask and permissions appropriately. I have done just that but have run into a problem. Zope runs as nobody.nobody but when doing cvs tasks it needs to run as nobody.cvs at least for those functions that modify the repository. That means that I need to change group for those cvs commands that modify the repository which is in the local file system and not exposed to Zope directly. I also have to take care to ensure that the group change is local and does not effect the rest of the running Zope system. It's not clear how to make things work. The Python commands that manage groups follow the Unix convention and are are limited to processes with root privileges. I see a couple of possibilities--perhaps the simplest is to make the 'nobody' group the CVS group. CVS explicitly disallows commits by root, but does not appear to disallow commits by 'nobody'. Alternatively, I could always spawn a suid process that performs the CVS task--but that seems overkill and a potential security hole. There must be a better way. Comments? Help?