Python os.setuid() Examples
The following are 30
code examples of os.setuid().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
os
, or try the search function
.
Example #1
Source File: acehttp.py From HTTPAceProxy with GNU General Public License v3.0 | 6 votes |
def drop_privileges(uid_name='nobody', gid_name='nogroup'): try: import pwd, grp except ImportError: return False # Windows # Get the uid/gid from the name running_uid = pwd.getpwnam(uid_name).pw_uid running_uid_home = pwd.getpwnam(uid_name).pw_dir running_gid = grp.getgrnam(gid_name).gr_gid # Remove group privileges os.setgroups([]) # Try setting the new uid/gid os.setgid(running_gid) os.setuid(running_uid) # Ensure a very conservative umask old_umask = os.umask(int('077', 8)) value = (os.getuid() == running_uid and os.getgid() == running_gid) if value: # could be useful os.environ['HOME'] = running_uid_home logger.info('Changed permissions to: %s: %i, %s, %i' % (uid_name, running_uid, gid_name, running_gid)) return value
Example #2
Source File: ext_daemon.py From jdcloud-cli with Apache License 2.0 | 6 votes |
def switch(self): """ Switch the current process's user/group to ``self.user``, and ``self.group``. Change directory to ``self.dir``, and write the current pid out to ``self.pid_file``. """ # set the running uid/gid LOG.debug('setting process uid(%s) and gid(%s)' % (self.user.pw_uid, self.group.gr_gid)) os.setgid(self.group.gr_gid) os.setuid(self.user.pw_uid) os.environ['HOME'] = self.user.pw_dir os.chdir(self.dir) if self.pid_file and os.path.exists(self.pid_file): raise exc.FrameworkError("Process already running (%s)" % self.pid_file) else: self._write_pid_file()
Example #3
Source File: process.py From Safejumper-for-Desktop with GNU General Public License v2.0 | 6 votes |
def _execChild(self, path, uid, gid, executable, args, environment): """ The exec() which is done in the forked child. """ if path: os.chdir(path) if uid is not None or gid is not None: if uid is None: uid = os.geteuid() if gid is None: gid = os.getegid() # set the UID before I actually exec the process os.setuid(0) os.setgid(0) switchUID(uid, gid) os.execvpe(executable, args, environment)
Example #4
Source File: test_process.py From learn_python3_spider with MIT License | 6 votes |
def test_mockPTYSetUid(self): """ Try creating a PTY process with setting its uid: it's almost the same path as the standard path, but with a C{switchUID} call before the exec. """ cmd = b'/mock/ouch' d = defer.Deferred() p = TrivialProcessProtocol(d) try: reactor.spawnProcess(p, cmd, [b'ouch'], env=None, usePTY=True, uid=8081) except SystemError: self.assertTrue(self.mockos.exited) self.assertEqual( self.mockos.actions, [('fork', False), 'setsid', ('setuid', 0), ('setgid', 0), ('switchuid', 8081, 1234), 'exec', ('exit', 1)]) else: self.fail("Should not be here")
Example #5
Source File: SetEnvironment.py From Resetter with GNU General Public License v3.0 | 6 votes |
def createDirs(self): uid_change = pwd.getpwnam(self.user).pw_uid gid_change = pwd.getpwnam(self.user).pw_gid pidx = os.fork() if pidx == 0: try: os.setgid(gid_change) os.setuid(uid_change) if not os.path.exists(self.directory): os.makedirs(self.directory) os.chdir(self.directory) man_dir = os.path.abspath("manifests") userlists_dir = os.path.abspath("userlists") self.copy(self.manifests, man_dir) self.copy(self.userlists, userlists_dir) finally: os._exit(0) os.waitpid(pidx, 0)
Example #6
Source File: _privdrop_unix.py From py_daemoniker with The Unlicense | 6 votes |
def _setuser(user): ''' Normalizes user to a uid and sets the current uid, or does nothing if user is None. ''' if user is None: return # Normalize group to gid elif isinstance(user, str): uid = pwd.getpwnam(user).pw_uid # The group is already a gid. else: uid = user try: os.setuid(uid) except OSError: self.logger.error('Unable to change user.') sys.exit(1)
Example #7
Source File: test_process.py From Safejumper-for-Desktop with GNU General Public License v2.0 | 6 votes |
def test_mockSetUid(self): """ Try creating a process with setting its uid: it's almost the same path as the standard path, but with a C{switchUID} call before the exec. """ cmd = b'/mock/ouch' d = defer.Deferred() p = TrivialProcessProtocol(d) try: reactor.spawnProcess(p, cmd, [b'ouch'], env=None, usePTY=False, uid=8080) except SystemError: self.assertTrue(self.mockos.exited) self.assertEqual( self.mockos.actions, [('fork', False), ('setuid', 0), ('setgid', 0), ('switchuid', 8080, 1234), 'exec', ('exit', 1)]) else: self.fail("Should not be here")
Example #8
Source File: daemon.py From luscan-devel with GNU General Public License v2.0 | 6 votes |
def change_process_owner(uid, gid): """ Change the owning UID and GID of this process. Sets the GID then the UID of the process (in that order, to avoid permission errors) to the specified `gid` and `uid` values. Requires appropriate OS privileges for this process. """ try: os.setgid(gid) os.setuid(uid) except Exception, exc: error = DaemonOSEnvironmentError( "Unable to change file creation mask (%(exc)s)" % vars()) raise error
Example #9
Source File: systemctl3.py From vanilla-docker with MIT License | 6 votes |
def shutil_setuid(user = None, group = None): """ set fork-child uid/gid (returns pw-info env-settings)""" if group: import grp gid = grp.getgrnam(group).gr_gid os.setgid(gid) logg.debug("setgid %s '%s'", gid, group) if user: import pwd pw = pwd.getpwnam(user) if not group: gid = pw.pw_gid os.setgid(gid) logg.debug("setgid %s", gid) uid = pw.pw_uid os.setuid(uid) logg.debug("setuid %s '%s'", uid, user) home = pw.pw_dir shell = pw.pw_shell logname = pw.pw_name return { "USER": user, "LOGNAME": logname, "HOME": home, "SHELL": shell } return {}
Example #10
Source File: test_process.py From learn_python3_spider with MIT License | 6 votes |
def test_mockSetUid(self): """ Try creating a process with setting its uid: it's almost the same path as the standard path, but with a C{switchUID} call before the exec. """ cmd = b'/mock/ouch' d = defer.Deferred() p = TrivialProcessProtocol(d) try: reactor.spawnProcess(p, cmd, [b'ouch'], env=None, usePTY=False, uid=8080) except SystemError: self.assertTrue(self.mockos.exited) self.assertEqual( self.mockos.actions, [('fork', False), ('setuid', 0), ('setgid', 0), ('switchuid', 8080, 1234), 'exec', ('exit', 1)]) else: self.fail("Should not be here")
Example #11
Source File: proctools.py From pycopia with Apache License 2.0 | 6 votes |
def run_as(pwent, umask=0o22): """Drop privileges to given user's password entry, and set up environment. Assumes the parent process has root privileges. """ os.umask(umask) home = pwent.home try: os.chdir(home) except OSError: os.chdir("/") # drop privs to user os.setgroups(pwent.groups) os.setgid(pwent.gid) os.setegid(pwent.gid) os.setuid(pwent.uid) os.seteuid(pwent.uid) os.environ["HOME"] = home os.environ["USER"] = pwent.name os.environ["LOGNAME"] = pwent.name os.environ["SHELL"] = pwent.shell os.environ["PATH"] = "/bin:/usr/bin:/usr/local/bin" return None
Example #12
Source File: process.py From learn_python3_spider with MIT License | 6 votes |
def _execChild(self, path, uid, gid, executable, args, environment): """ The exec() which is done in the forked child. """ if path: os.chdir(path) if uid is not None or gid is not None: if uid is None: uid = os.geteuid() if gid is None: gid = os.getegid() # set the UID before I actually exec the process os.setuid(0) os.setgid(0) switchUID(uid, gid) os.execvpe(executable, args, environment)
Example #13
Source File: utils.py From barman with GNU General Public License v3.0 | 6 votes |
def drop_privileges(user): """ Change the system user of the current python process. It will only work if called as root or as the target user. :param string user: target user :raise KeyError: if the target user doesn't exists :raise OSError: when the user change fails """ pw = pwd.getpwnam(user) if pw.pw_uid == os.getuid(): return groups = [e.gr_gid for e in grp.getgrall() if pw.pw_name in e.gr_mem] groups.append(pw.pw_gid) os.setgroups(groups) os.setgid(pw.pw_gid) os.setuid(pw.pw_uid) os.environ['HOME'] = pw.pw_dir
Example #14
Source File: subprocess.py From pulseaudio-dlna with GNU General Public License v3.0 | 6 votes |
def demote(self, uid, gid): def fn_uid_gid(): os.setgid(gid) os.setuid(uid) def fn_uid(): os.setuid(uid) def fn_gid(): os.setgid(gid) def fn_nop(): pass if uid and gid: return fn_uid_gid elif uid: return fn_uid elif gid: return fn_gid return fn_nop
Example #15
Source File: ext_daemon.py From deepWordBug with Apache License 2.0 | 6 votes |
def switch(self): """ Switch the current process's user/group to ``self.user``, and ``self.group``. Change directory to ``self.dir``, and write the current pid out to ``self.pid_file``. """ # set the running uid/gid LOG.debug('setting process uid(%s) and gid(%s)' % (self.user.pw_uid, self.group.gr_gid)) os.setgid(self.group.gr_gid) os.setuid(self.user.pw_uid) os.environ['HOME'] = self.user.pw_dir os.chdir(self.dir) if self.pid_file and os.path.exists(self.pid_file): raise exc.FrameworkError("Process already running (%s)" % self.pid_file) else: self._write_pid_file()
Example #16
Source File: endpoints.py From qpid-python with Apache License 2.0 | 5 votes |
def testEINTR(self): m1 = self.content("testEINTR", 0) m2 = self.content("testEINTR", 1) self.snd.send(m1, timeout=self.timeout()) try: os.setuid(500) assert False, "setuid should fail" except: pass self.snd.send(m2, timeout=self.timeout())
Example #17
Source File: oschameleonRun.py From oschameleon with MIT License | 5 votes |
def drop_privileges(self, uid_name='nobody', gid_name='nogroup'): if self.args.debug: print("Init: Running as {0}/{1}.".format(pwd.getpwuid(os.getuid())[0], grp.getgrgid(os.getgid())[0])) wanted_uid = pwd.getpwnam(uid_name)[2] wanted_gid = grp.getgrnam(gid_name)[2] pid = gevent.fork() # print "root_fork : drop_privil : pid ",pid if pid == 0: # child # print ('starting child process') child_process = gevent.spawn(self.root_process) child_process.join() # print ('Child done:', child_process.successful()) flush_tables() # print ('Child exit') else: # parent os.setgid(wanted_gid) os.setuid(wanted_uid) new_uid_name = pwd.getpwuid(os.getuid())[0] new_gid_name = grp.getgrgid(os.getgid())[0] if self.args.debug: print("Parent: Privileges dropped, running as {0}/{1}.".format(new_uid_name, new_gid_name)) while True: try: gevent.sleep(1) # print ('Parent: ping') except KeyboardInterrupt: break
Example #18
Source File: root_fork.py From oschameleon with MIT License | 5 votes |
def drop_privileges(uid_name='nobody', gid_name='nogroup'): print("Init: Running as {0}/{1}.".format(pwd.getpwuid(os.getuid())[0], grp.getgrgid(os.getgid())[0])) wanted_uid = pwd.getpwnam(uid_name)[2] wanted_gid = grp.getgrnam(gid_name)[2] pid = gevent.fork() # print "root_fork : drop_privil : pid ",pid if pid == 0: # child print ('starting child process') child_process = gevent.spawn(root_process) child_process.join() print ('Child done:', child_process.successful()) flush_tables() print ('Child exit') else: # parent os.setgid(wanted_gid) os.setuid(wanted_uid) new_uid_name = pwd.getpwuid(os.getuid())[0] new_gid_name = grp.getgrgid(os.getgid())[0] print("Parent: Privileges dropped, running as {0}/{1}.".format(new_uid_name, new_gid_name)) while True: try: gevent.sleep(1) print ('Parent: ping') except KeyboardInterrupt: break
Example #19
Source File: daemon.py From ssrr with Apache License 2.0 | 5 votes |
def set_user(username): if username is None: return import pwd import grp try: pwrec = pwd.getpwnam(username) except KeyError: logging.error('user not found: %s' % username) raise user = pwrec[0] uid = pwrec[2] gid = pwrec[3] cur_uid = os.getuid() if uid == cur_uid: return if cur_uid != 0: logging.error('can not set user as nonroot user') # will raise later # inspired by supervisor if hasattr(os, 'setgroups'): groups = [grprec[2] for grprec in grp.getgrall() if user in grprec[3]] groups.insert(0, gid) os.setgroups(groups) os.setgid(gid) os.setuid(uid)
Example #20
Source File: subprocess.py From service-manager with Apache License 2.0 | 5 votes |
def _demo_posix(): # # Example 1: Simple redirection: Get process list # plist = Popen(["ps"], stdout=PIPE).communicate()[0] print "Process list:" print plist # # Example 2: Change uid before executing child # if os.getuid() == 0: p = Popen(["id"], preexec_fn=lambda: os.setuid(100)) p.wait() # # Example 3: Connecting several subprocesses # print "Looking for 'hda'..." p1 = Popen(["dmesg"], stdout=PIPE) p2 = Popen(["grep", "hda"], stdin=p1.stdout, stdout=PIPE) print repr(p2.communicate()[0]) # # Example 4: Catch execution error # print print "Trying a weird file..." try: print Popen(["/this/path/does/not/exist"]).communicate() except OSError, e: if e.errno == errno.ENOENT: print "The file didn't exist. I thought so..." print "Child traceback:" print e.child_traceback else: print "Error", e.errno
Example #21
Source File: daemon.py From SSRSpeed with GNU General Public License v3.0 | 5 votes |
def set_user(username): if username is None: return import pwd import grp try: pwrec = pwd.getpwnam(username) except KeyError: logging.error('user not found: %s' % username) raise user = pwrec[0] uid = pwrec[2] gid = pwrec[3] cur_uid = os.getuid() if uid == cur_uid: return if cur_uid != 0: logging.error('can not set user as nonroot user') # will raise later # inspired by supervisor if hasattr(os, 'setgroups'): groups = [grprec[2] for grprec in grp.getgrall() if user in grprec[3]] groups.insert(0, gid) os.setgroups(groups) os.setgid(gid) os.setuid(uid)
Example #22
Source File: daemon.py From Dockerfiles with Apache License 2.0 | 5 votes |
def set_user(username): if username is None: return import pwd import grp try: pwrec = pwd.getpwnam(username) except KeyError: logging.error('user not found: %s' % username) raise user = pwrec[0] uid = pwrec[2] gid = pwrec[3] cur_uid = os.getuid() if uid == cur_uid: return if cur_uid != 0: logging.error('can not set user as nonroot user') # will raise later # inspired by supervisor if hasattr(os, 'setgroups'): groups = [grprec[2] for grprec in grp.getgrall() if user in grprec[3]] groups.insert(0, gid) os.setgroups(groups) os.setgid(gid) os.setuid(uid)
Example #23
Source File: _cpcompat_subprocess.py From opsbro with MIT License | 5 votes |
def _demo_posix(): # # Example 1: Simple redirection: Get process list # plist = Popen(["ps"], stdout=PIPE).communicate()[0] print "Process list:" print plist # # Example 2: Change uid before executing child # if os.getuid() == 0: p = Popen(["id"], preexec_fn=lambda: os.setuid(100)) p.wait() # # Example 3: Connecting several subprocesses # print "Looking for 'hda'..." p1 = Popen(["dmesg"], stdout=PIPE) p2 = Popen(["grep", "hda"], stdin=p1.stdout, stdout=PIPE) print repr(p2.communicate()[0]) # # Example 4: Catch execution error # print print "Trying a weird file..." try: print Popen(["/this/path/does/not/exist"]).communicate() except OSError, e: if e.errno == errno.ENOENT: print "The file didn't exist. I thought so..." print "Child traceback:" print e.child_traceback else: print "Error", e.errno
Example #24
Source File: netstat.py From scalyr-agent-2 with Apache License 2.0 | 5 votes |
def drop_privileges(): """Drops privileges if running as root.""" try: ent = pwd.getpwnam(USER) except KeyError: return if os.getuid() != 0: return os.setgid(ent.pw_gid) os.setuid(ent.pw_uid)
Example #25
Source File: test_os.py From ironpython3 with Apache License 2.0 | 5 votes |
def test_setuid(self): if os.getuid() != 0: self.assertRaises(OSError, os.setuid, 0) self.assertRaises(OverflowError, os.setuid, 1<<32)
Example #26
Source File: test_os.py From Fluid-Designer with GNU General Public License v3.0 | 5 votes |
def test_setuid(self): if os.getuid() != 0: self.assertRaises(OSError, os.setuid, 0) self.assertRaises(OverflowError, os.setuid, 1<<32)
Example #27
Source File: subprocess_hack.py From advanced-launcher with GNU General Public License v2.0 | 5 votes |
def _demo_posix(): # # Example 1: Simple redirection: Get process list # plist = Popen(["ps"], stdout=PIPE).communicate()[0] print "Process list:" print plist # # Example 2: Change uid before executing child # if os.getuid() == 0: p = Popen(["id"], preexec_fn=lambda: os.setuid(100)) p.wait() # # Example 3: Connecting several subprocesses # print "Looking for 'hda'..." p1 = Popen(["dmesg"], stdout=PIPE) p2 = Popen(["grep", "hda"], stdin=p1.stdout, stdout=PIPE) print repr(p2.communicate()[0]) # # Example 4: Catch execution error # print print "Trying a weird file..." try: print Popen(["/this/path/does/not/exist"]).communicate() except OSError, e: if e.errno == errno.ENOENT: print "The file didn't exist. I thought so..." print "Child traceback:" print e.child_traceback else: print "Error", e.errno
Example #28
Source File: spark_gce.py From spark_gce with Apache License 2.0 | 5 votes |
def enable_sudo(master,command): ''' ssh_command(master,"echo \"import os\" > setuid.py ") ssh_command(master,"echo \"import sys\" >> setuid.py") ssh_command(master,"echo \"import commands\" >> setuid.py") ssh_command(master,"echo \"command=sys.argv[1]\" >> setuid.py") ssh_command(master,"echo \"os.setuid(os.geteuid())\" >> setuid.py") ssh_command(master,"echo \"print commands.getstatusoutput(\"command\")\" >> setuid.py") ''' os.system("ssh -i " + identity_file + " -t -o 'UserKnownHostsFile=/dev/null' -o 'CheckHostIP=no' -o 'StrictHostKeyChecking no' "+ username + "@" + master + " '" + command + "'")
Example #29
Source File: daemon.py From ShadowsocksFork with Apache License 2.0 | 5 votes |
def set_user(username): if username is None: return import pwd import grp try: pwrec = pwd.getpwnam(username) except KeyError: logging.error('user not found: %s' % username) raise user = pwrec[0] uid = pwrec[2] gid = pwrec[3] cur_uid = os.getuid() if uid == cur_uid: return if cur_uid != 0: logging.error('can not set user as nonroot user') # will raise later # inspired by supervisor if hasattr(os, 'setgroups'): groups = [grprec[2] for grprec in grp.getgrall() if user in grprec[3]] groups.insert(0, gid) os.setgroups(groups) os.setgid(gid) os.setuid(uid)
Example #30
Source File: test_process.py From learn_python3_spider with MIT License | 5 votes |
def setuid(self, val): """ Override C{os.setuid}. Do nothing. """ self.actions.append(('setuid', val))