It turns out this was quite specific to the context described above. I was using uWSGI to serve my site using emperor mode. I set the parameters `uid=www-data` and `gid=www-data`. I expected this to cause my vassal processes to have the permissions associated with the user and the group `www-data` *as well as* the permissions associated with any group to which `www-data` (the user) belongs. This assumption is *incorrect*. Vassals do not run (by default) with *any* supplementary group ids.

It turns out uWSGI (in recent versions) has a fix for this. You can manually specify `add-gid=mygroup` in the uWSGI configuration. You can specify this parameter many times to add as many gid's to a vassal process as your heart desires. This feature is only available as of uWSGI 1.9.15 so you might need to upgrade to use this approach. 

Full writeup [here][1].




 [1]: https://stackoverflow.com/questions/27300540/uwsgi-process-doesnt-inherit-permissions-associated-with-group-its-uid-belongs/27360613#27360613