[Zope] supplemental group ids (Linux)
Bill Anderson
bill@libc.org
Wed, 06 Sep 2000 19:05:06 -0600
Kip Rugger wrote:
>
> >OK, something is not quite right here.
> >On my unmodified zope, it is properly 'sandboxed'. Perhaps it is the use of
> >the explicit '-u nobody'? I don't do that on
> >my system, which causes Zope to run as nobody implicitly.
> >
> >(When started as root, unless told otherwise, zope will switch to nobody).
> >
> >Try running without the '-u nobody' switch, and see what happens. Just out of
> >curiosity.
>
> No difference.
>
> I think the point is that Zope does not make any initgroups(3) calls;
> this will be a problem if the particular system needs it.
>
> I have two such systems:
>
> Linux 2.2.16 + glibc-2.1.2
> NetBSD 1.4
...
> Under this hypothesis, my question is how could _your_ system work?
> Why is it that you don't have the original primary gid lingering in
> the supplemental list?
Not sure. Here is my setup:
glibc 2.1.3
Kernel 2.2.15
heavily modified Redhat 6.2 base.
Perhaps it is the kernel? I also have a 2.2.16 (2.1.3 glibc) kernelled machine which exhibits the behavior you see on yours.
I can try it on a 2.2.4test6 kernel too ...
--
Do not meddle in the affairs of sysadmins, for they are easy to annoy,
and have the root password.
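
The privilege drop discussed in this thread, as an added example that is not Zope's code or part of the original message: it resets the supplementary group list with initgroups(3) before changing gid and uid, then checks that no group from the starting (root) context is left. The function names and the sample gid values are hypothetical.

```python
import grp
import os
import pwd


def expected_groups(username):
    """Group ids initgroups(3) would install: the primary gid from passwd
    plus every group in the group database that lists the user as a member."""
    gids = {pwd.getpwnam(username).pw_gid}
    gids.update(g.gr_gid for g in grp.getgrall() if username in g.gr_mem)
    return gids


def lingering_groups(current, expected):
    """Group ids the process still holds that the target user should not have."""
    return sorted(set(current) - set(expected))


def drop_privileges(username):
    """Switch from root to `username`, resetting supplementary groups first."""
    pw = pwd.getpwnam(username)
    # Order matters: the group list can only be changed while still root.
    os.initgroups(username, pw.pw_gid)  # replaces root's supplementary groups
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)
    # Verify the result instead of trusting the calls above.
    leftover = lingering_groups(os.getgroups(), expected_groups(username))
    if leftover:
        raise RuntimeError(
            "still in groups %r after dropping to %s" % (leftover, username)
        )


if __name__ == "__main__":
    # Constructed sample: a daemon started from a root shell that only called
    # setgid()/setuid() for an unprivileged account (gid 99 here, assumed)
    # keeps every group the root shell was in.
    inherited = [0, 1, 2, 3, 4, 6, 10]
    print(lingering_groups(inherited, {99}))
```

Running `lingering_groups(os.getgroups(), expected_groups(name))` inside an already-running daemon gives the same audit without changing any credentials.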