Work perfectly :) Thanks! On May 24, 7:45 am, Jan Koprowski <[email protected]> wrote: > Great thanks for help - really. I'm very appreciative. I was in > mountain in Polish PHPCon edition [phpcon.pl] and I'm back right now. > Flash command is local command probably wrote by local administrators > - I think cause I can't find this command elsewhere. > > But there is one mysterious thing in that. I believe this command have > sticky bit (chmod +s) to be run as root user. setgroups() manual > suggest this. From the other hand this tool can't be use by root. Why? > This tool watch groups You can get. For example: If You belongs to > groups "a b c" and You try tu use: > > $ flash b c d /bin/groups > d - permission denied > a b > $ > > So this watch groups you belongs to. Root user can't run this tool. In > my corporate root account is "unprivileged" to this because the can > get any groups they want. So I can't use "flash" after sudo. To Use > "flash" I compile my own Apache under home directory. So whole Apache > is under local user privileges - there is no processes with owned by > root. I'm wondering in this situation I can still use WSGI? > > One more time grate thank for help! Really! > > On May 22, 3:38 pm, Damjan <[email protected]> wrote: > > > > > > > > >> I need this to use ClearCase (cleartool binary). ACL in ClearCase > > > >> based on Unix system groups but it get only first 16 groups. So If > > > >> user belongs to 50 groups You must before using cleartool eject 34 > > > >> groups and leave only 16. And I need to choose "few" groups in WSGI > > > >> which will be inherit by WSGI child process. Then my application may > > > >> read ClearCase repositories. > > > > > use sudo > > > > Care to explain how that can help? > > > I understood that he starts a "cleartool binary" which is a separate > > program... maybe I mis-understood him? > > > The idea is, he could have a mod_wsgi user that's allowed via sudo to > > change to a user with the neccesseary credentials. > > > And sudo will do the right thing wrt the group vector. > > "The real and effective uid and gid are set to match those of the > > target user as specified in the passwd file and the group vector is > > initialized based on the group file" > > > So I'm thinkging> > > > Apache > > -> mod_wsgi (user_a) -> sudo cleartool (clear_user_a) > > -> mod_wsgi (user_b) -> sudo cleartool (clear_user_b) > > > > First off I don't see how sudo allows you override the group vector it > > > uses with a restricted set of users that you can define. > > > > It does have a -P option for preserving the vector group of the person > > > executing sudo, but if you cant control that persons group vector > > > isn't going to help. > > > > Secondly, use of sudo, even if it could do it, would still require > > > separate Apache instances and be just like the 'flash' program they > > > use now. > > > -- > > You received this message because you are subscribed to the Google Groups > > "modwsgi" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group > > athttp://groups.google.com/group/modwsgi?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "modwsgi" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group > athttp://groups.google.com/group/modwsgi?hl=en.
-- You received this message because you are subscribed to the Google Groups "modwsgi" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/modwsgi?hl=en.
