[sudo-users] CGI not allowing sudo command

Todd C. Miller Todd.Miller at courtesan.com
Sun Jan 2 12:17:44 EST 2005

In message <41D746E7.20001 at bigpond.net.au>
	so spake David Logan (edgewing):

> I've just played around a bit more, looks like it could be a bug in 
> python or mailman. I am getting a permission denied message when trying 
> to open a config.pck file even though I am a member of the mailman 
> group. If I run newgrp and set my primary group to mailman, everything 
> works as it should.
> Looks like python is not looking at all the valid groups for a user. 
> I'll go play some more but looks like sudo is not the issue. Mailman 
> runs as setgid which is why I was running as group mailman then it 
> shouldn't have mattered who the user was. (Well thats the theory 8-))

That sounds like apache is only setting the real and effective group
id (from the passwd file) and not the supplemental groups in
/etc/group (via the initgroups function).

You might check the apache docs to see if there is a config option
to set the supplemental group ids for the apache user.

 - todd

More information about the sudo-users mailing list