[sudo-users] CGI not allowing sudo command
Todd C. Miller
Todd.Miller at courtesan.com
Sun Jan 2 12:17:44 EST 2005
In message <41D746E7.20001 at bigpond.net.au>
so spake David Logan (edgewing):
> I've just played around a bit more, looks like it could be a bug in
> python or mailman. I am getting a permission denied message when trying
> to open a config.pck file even though I am a member of the mailman
> group. If I run newgrp and set my primary group to mailman, everything
> works as it should.
>
> Looks like python is not looking at all the valid groups for a user.
> I'll go play some more but looks like sudo is not the issue. Mailman
> runs as setgid which is why I was running as group mailman then it
> shouldn't have mattered who the user was. (Well thats the theory 8-))
That sounds like apache is only setting the real and effective group
id (from the passwd file) and not the supplemental groups in
/etc/group (via the initgroups function).
You might check the apache docs to see if there is a config option
to set the supplemental group ids for the apache user.
- todd
More information about the sudo-users
mailing list