> >> I need this to use ClearCase (cleartool binary). ACL in ClearCase > >> based on Unix system groups but it get only first 16 groups. So If > >> user belongs to 50 groups You must before using cleartool eject 34 > >> groups and leave only 16. And I need to choose "few" groups in WSGI > >> which will be inherit by WSGI child process. Then my application may > >> read ClearCase repositories. > > > use sudo > > Care to explain how that can help?
I understood that he starts a "cleartool binary" which is a separate program... maybe I mis-understood him? The idea is, he could have a mod_wsgi user that's allowed via sudo to change to a user with the neccesseary credentials. And sudo will do the right thing wrt the group vector. "The real and effective uid and gid are set to match those of the target user as specified in the passwd file and the group vector is initialized based on the group file" So I'm thinkging> Apache -> mod_wsgi (user_a) -> sudo cleartool (clear_user_a) -> mod_wsgi (user_b) -> sudo cleartool (clear_user_b) > First off I don't see how sudo allows you override the group vector it > uses with a restricted set of users that you can define. > > It does have a -P option for preserving the vector group of the person > executing sudo, but if you cant control that persons group vector > isn't going to help. > > Secondly, use of sudo, even if it could do it, would still require > separate Apache instances and be just like the 'flash' program they > use now. -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/modwsgi?hl=en.
