[Zope] Thanks: Unix: Vanishing Group Ids associated with Zope process

[Holger Blasum]

Thanks Jerome, Johan,

> it is called for you by PAM when you log in, AFAIK, this is
> why it works from your command line

That was the missing bit.

After following some blind alleys (pam-python seems to be only 
available for py 1.5 and os.setgroups() is only available in py 2.2)
the solution was to run in /etc/init.d/zope 'su www-data -c 'zope-z2
ARGS'' instead of just 'zope-z2 ARGS' so that PAM is called by su.  

I didn't even have to adjust the zope-z2 script because the os.setuid() 
is not called when it is not run as root.

Data.fs.lock and some other stuff in /var/lib/zope/var is now owned by 
www-data instead of root, so it is not necessarily best practice but works.

Have a nice weekend,

-- 
Holger Blasum