Python os.setgid() Examples
The following are 30
code examples of os.setgid().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
os
, or try the search function
.
Example #1
Source File: SetEnvironment.py From Resetter with GNU General Public License v3.0 | 6 votes |
def createDirs(self): uid_change = pwd.getpwnam(self.user).pw_uid gid_change = pwd.getpwnam(self.user).pw_gid pidx = os.fork() if pidx == 0: try: os.setgid(gid_change) os.setuid(uid_change) if not os.path.exists(self.directory): os.makedirs(self.directory) os.chdir(self.directory) man_dir = os.path.abspath("manifests") userlists_dir = os.path.abspath("userlists") self.copy(self.manifests, man_dir) self.copy(self.userlists, userlists_dir) finally: os._exit(0) os.waitpid(pidx, 0)
Example #2
Source File: subprocess.py From pulseaudio-dlna with GNU General Public License v3.0 | 6 votes |
def demote(self, uid, gid): def fn_uid_gid(): os.setgid(gid) os.setuid(uid) def fn_uid(): os.setuid(uid) def fn_gid(): os.setgid(gid) def fn_nop(): pass if uid and gid: return fn_uid_gid elif uid: return fn_uid elif gid: return fn_gid return fn_nop
Example #3
Source File: test_process.py From python-for-android with Apache License 2.0 | 6 votes |
def test_mockPTYSetUidInParent(self): """ Try creating a PTY process with setting its uid, in the parent path: it should switch to root before fork, then restore initial uid/gids. """ self.mockos.child = False cmd = '/mock/ouch' d = defer.Deferred() p = TrivialProcessProtocol(d) oldPTYProcess = process.PTYProcess try: process.PTYProcess = DumbPTYProcess reactor.spawnProcess(p, cmd, ['ouch'], env=None, usePTY=True, uid=8080) finally: process.PTYProcess = oldPTYProcess self.assertEquals(self.mockos.actions, [('setuid', 0), ('setgid', 0), ('fork', False), ('setregid', 1235, 1234), ('setreuid', 1237, 1236), 'waitpid'])
Example #4
Source File: wsdd.py From wsdd with MIT License | 6 votes |
def drop_privileges(uid, gid): try: if gid is not None: os.setgid(gid) os.setegid(gid) logger.debug('switched uid to {}'.format(uid)) if uid is not None: os.setuid(uid) os.seteuid(uid) logger.debug('switched gid to {}'.format(gid)) logger.info('running as {} ({}:{})'.format(args.user, uid, gid)) except Exception as e: logger.error('dropping privileges failed: {}'.format(e)) return False return True
Example #5
Source File: local.py From dask-gateway with BSD 3-Clause "New" or "Revised" License | 6 votes |
def make_preexec_fn(self, cluster): # pragma: nocover # Borrowed and modified from jupyterhub/spawner.py pwnam = getpwnam(cluster.username) uid = pwnam.pw_uid gid = pwnam.pw_gid groups = [g.gr_gid for g in grp.getgrall() if cluster.username in g.gr_mem] workdir = cluster.state["workdir"] def preexec(): os.setgid(gid) try: os.setgroups(groups) except Exception as e: print("Failed to set groups %s" % e, file=sys.stderr) os.setuid(uid) os.chdir(workdir) return preexec
Example #6
Source File: process.py From Safejumper-for-Desktop with GNU General Public License v2.0 | 6 votes |
def _execChild(self, path, uid, gid, executable, args, environment): """ The exec() which is done in the forked child. """ if path: os.chdir(path) if uid is not None or gid is not None: if uid is None: uid = os.geteuid() if gid is None: gid = os.getegid() # set the UID before I actually exec the process os.setuid(0) os.setgid(0) switchUID(uid, gid) os.execvpe(executable, args, environment)
Example #7
Source File: test_process.py From python-for-android with Apache License 2.0 | 6 votes |
def test_mockSetUid(self): """ Try creating a process with setting its uid: it's almost the same path as the standard path, but with a C{switchUID} call before the exec. """ cmd = '/mock/ouch' d = defer.Deferred() p = TrivialProcessProtocol(d) try: reactor.spawnProcess(p, cmd, ['ouch'], env=None, usePTY=False, uid=8080) except SystemError: self.assert_(self.mockos.exited) self.assertEquals(self.mockos.actions, [('setuid', 0), ('setgid', 0), ('fork', False), ('switchuid', 8080, 1234), 'exec', 'exit']) else: self.fail("Should not be here")
Example #8
Source File: test_process.py From Safejumper-for-Desktop with GNU General Public License v2.0 | 6 votes |
def test_mockSetUid(self): """ Try creating a process with setting its uid: it's almost the same path as the standard path, but with a C{switchUID} call before the exec. """ cmd = b'/mock/ouch' d = defer.Deferred() p = TrivialProcessProtocol(d) try: reactor.spawnProcess(p, cmd, [b'ouch'], env=None, usePTY=False, uid=8080) except SystemError: self.assertTrue(self.mockos.exited) self.assertEqual( self.mockos.actions, [('fork', False), ('setuid', 0), ('setgid', 0), ('switchuid', 8080, 1234), 'exec', ('exit', 1)]) else: self.fail("Should not be here")
Example #9
Source File: test_process.py From Safejumper-for-Desktop with GNU General Public License v2.0 | 6 votes |
def test_mockPTYSetUid(self): """ Try creating a PTY process with setting its uid: it's almost the same path as the standard path, but with a C{switchUID} call before the exec. """ cmd = b'/mock/ouch' d = defer.Deferred() p = TrivialProcessProtocol(d) try: reactor.spawnProcess(p, cmd, [b'ouch'], env=None, usePTY=True, uid=8081) except SystemError: self.assertTrue(self.mockos.exited) self.assertEqual( self.mockos.actions, [('fork', False), 'setsid', ('setuid', 0), ('setgid', 0), ('switchuid', 8081, 1234), 'exec', ('exit', 1)]) else: self.fail("Should not be here")
Example #10
Source File: systemctl3.py From vanilla-docker with MIT License | 6 votes |
def shutil_setuid(user = None, group = None): """ set fork-child uid/gid (returns pw-info env-settings)""" if group: import grp gid = grp.getgrnam(group).gr_gid os.setgid(gid) logg.debug("setgid %s '%s'", gid, group) if user: import pwd pw = pwd.getpwnam(user) if not group: gid = pw.pw_gid os.setgid(gid) logg.debug("setgid %s", gid) uid = pw.pw_uid os.setuid(uid) logg.debug("setuid %s '%s'", uid, user) home = pw.pw_dir shell = pw.pw_shell logname = pw.pw_name return { "USER": user, "LOGNAME": logname, "HOME": home, "SHELL": shell } return {}
Example #11
Source File: ext_daemon.py From deepWordBug with Apache License 2.0 | 6 votes |
def switch(self): """ Switch the current process's user/group to ``self.user``, and ``self.group``. Change directory to ``self.dir``, and write the current pid out to ``self.pid_file``. """ # set the running uid/gid LOG.debug('setting process uid(%s) and gid(%s)' % (self.user.pw_uid, self.group.gr_gid)) os.setgid(self.group.gr_gid) os.setuid(self.user.pw_uid) os.environ['HOME'] = self.user.pw_dir os.chdir(self.dir) if self.pid_file and os.path.exists(self.pid_file): raise exc.FrameworkError("Process already running (%s)" % self.pid_file) else: self._write_pid_file()
Example #12
Source File: proctools.py From pycopia with Apache License 2.0 | 6 votes |
def run_as(pwent, umask=0o22): """Drop privileges to given user's password entry, and set up environment. Assumes the parent process has root privileges. """ os.umask(umask) home = pwent.home try: os.chdir(home) except OSError: os.chdir("/") # drop privs to user os.setgroups(pwent.groups) os.setgid(pwent.gid) os.setegid(pwent.gid) os.setuid(pwent.uid) os.seteuid(pwent.uid) os.environ["HOME"] = home os.environ["USER"] = pwent.name os.environ["LOGNAME"] = pwent.name os.environ["SHELL"] = pwent.shell os.environ["PATH"] = "/bin:/usr/bin:/usr/local/bin" return None
Example #13
Source File: utils.py From barman with GNU General Public License v3.0 | 6 votes |
def drop_privileges(user): """ Change the system user of the current python process. It will only work if called as root or as the target user. :param string user: target user :raise KeyError: if the target user doesn't exists :raise OSError: when the user change fails """ pw = pwd.getpwnam(user) if pw.pw_uid == os.getuid(): return groups = [e.gr_gid for e in grp.getgrall() if pw.pw_name in e.gr_mem] groups.append(pw.pw_gid) os.setgroups(groups) os.setgid(pw.pw_gid) os.setuid(pw.pw_uid) os.environ['HOME'] = pw.pw_dir
Example #14
Source File: acehttp.py From HTTPAceProxy with GNU General Public License v3.0 | 6 votes |
def drop_privileges(uid_name='nobody', gid_name='nogroup'): try: import pwd, grp except ImportError: return False # Windows # Get the uid/gid from the name running_uid = pwd.getpwnam(uid_name).pw_uid running_uid_home = pwd.getpwnam(uid_name).pw_dir running_gid = grp.getgrnam(gid_name).gr_gid # Remove group privileges os.setgroups([]) # Try setting the new uid/gid os.setgid(running_gid) os.setuid(running_uid) # Ensure a very conservative umask old_umask = os.umask(int('077', 8)) value = (os.getuid() == running_uid and os.getgid() == running_gid) if value: # could be useful os.environ['HOME'] = running_uid_home logger.info('Changed permissions to: %s: %i, %s, %i' % (uid_name, running_uid, gid_name, running_gid)) return value
Example #15
Source File: process.py From learn_python3_spider with MIT License | 6 votes |
def _execChild(self, path, uid, gid, executable, args, environment): """ The exec() which is done in the forked child. """ if path: os.chdir(path) if uid is not None or gid is not None: if uid is None: uid = os.geteuid() if gid is None: gid = os.getegid() # set the UID before I actually exec the process os.setuid(0) os.setgid(0) switchUID(uid, gid) os.execvpe(executable, args, environment)
Example #16
Source File: fwaudit.py From fwaudit with GNU General Public License v2.0 | 6 votes |
def set_groups(path, new_uid, new_gid, verbose=True): '''For sudo case, set GID to non-SuperUser value.''' if not app_state['sudo_based_usage']: debug('set_groups: called for non-sudo use') return False try: debug('Changing file owner: file=' + path + ', uid=' + str(new_uid)) new_gid_list = [] new_gid_list = os.getgroups() if verbose: debug('os.getgroups: new_gid_list: ' + str(new_gid_list)) os.setgroups([]) if verbose: debug('calling os.setgroups(' + str(new_gid_list) + ')..') # os.setgroups(new_gid_list) # XXX macOS: ValueError: too many groups os.setgroups([new_gid_list[0]]) # XXX macOS: ValueError: too many groups if verbose: debug('calling os.setgid(' + str(new_gid) + ')..') os.setgid(new_gid) except OSError as e: critical(e, 'Unable to to update UID on file: ' + path) sys.exc_info() log('Exception ' + str(e.errno) + ': ' + str(e)) return False return True
Example #17
Source File: test_process.py From learn_python3_spider with MIT License | 6 votes |
def test_mockSetUid(self): """ Try creating a process with setting its uid: it's almost the same path as the standard path, but with a C{switchUID} call before the exec. """ cmd = b'/mock/ouch' d = defer.Deferred() p = TrivialProcessProtocol(d) try: reactor.spawnProcess(p, cmd, [b'ouch'], env=None, usePTY=False, uid=8080) except SystemError: self.assertTrue(self.mockos.exited) self.assertEqual( self.mockos.actions, [('fork', False), ('setuid', 0), ('setgid', 0), ('switchuid', 8080, 1234), 'exec', ('exit', 1)]) else: self.fail("Should not be here")
Example #18
Source File: test_process.py From learn_python3_spider with MIT License | 6 votes |
def test_mockPTYSetUid(self): """ Try creating a PTY process with setting its uid: it's almost the same path as the standard path, but with a C{switchUID} call before the exec. """ cmd = b'/mock/ouch' d = defer.Deferred() p = TrivialProcessProtocol(d) try: reactor.spawnProcess(p, cmd, [b'ouch'], env=None, usePTY=True, uid=8081) except SystemError: self.assertTrue(self.mockos.exited) self.assertEqual( self.mockos.actions, [('fork', False), 'setsid', ('setuid', 0), ('setgid', 0), ('switchuid', 8081, 1234), 'exec', ('exit', 1)]) else: self.fail("Should not be here")
Example #19
Source File: ext_daemon.py From jdcloud-cli with Apache License 2.0 | 6 votes |
def switch(self): """ Switch the current process's user/group to ``self.user``, and ``self.group``. Change directory to ``self.dir``, and write the current pid out to ``self.pid_file``. """ # set the running uid/gid LOG.debug('setting process uid(%s) and gid(%s)' % (self.user.pw_uid, self.group.gr_gid)) os.setgid(self.group.gr_gid) os.setuid(self.user.pw_uid) os.environ['HOME'] = self.user.pw_dir os.chdir(self.dir) if self.pid_file and os.path.exists(self.pid_file): raise exc.FrameworkError("Process already running (%s)" % self.pid_file) else: self._write_pid_file()
Example #20
Source File: daemon.py From luscan-devel with GNU General Public License v2.0 | 6 votes |
def change_process_owner(uid, gid): """ Change the owning UID and GID of this process. Sets the GID then the UID of the process (in that order, to avoid permission errors) to the specified `gid` and `uid` values. Requires appropriate OS privileges for this process. """ try: os.setgid(gid) os.setuid(uid) except Exception, exc: error = DaemonOSEnvironmentError( "Unable to change file creation mask (%(exc)s)" % vars()) raise error
Example #21
Source File: _privdrop_unix.py From py_daemoniker with The Unlicense | 6 votes |
def _setgroup(group): ''' Normalizes group to a gid and sets the current gid, or does nothing if group is None. ''' if group is None: return # Normalize group to gid elif isinstance(group, str): gid = grp.getgrnam(group).gr_gid # The group is already a gid. else: gid = group try: os.setgid(gid) except OSError: self.logger.error('Unable to change group.') sys.exit(1)
Example #22
Source File: irc.py From localslackirc with GNU General Public License v3.0 | 6 votes |
def su() -> None: """ switch user. Useful when starting localslackirc as a service as root user. """ if sys.platform.startswith('win'): return # Nothing to do, already not root if os.getuid() != 0: return username = environ.get('PROCESS_OWNER', 'nobody') userdata = pwd.getpwnam(username) os.setgid(userdata.pw_gid) os.setegid(userdata.pw_gid) os.setuid(userdata.pw_uid) os.seteuid(userdata.pw_uid)
Example #23
Source File: test_process.py From python-for-android with Apache License 2.0 | 5 votes |
def test_mockErrorInForkRestoreUID(self): """ If C{os.fork} raises an exception and a UID change has been made, the previous UID and GID are restored. """ self.mockos.raiseFork = OSError(errno.EAGAIN, None) protocol = TrivialProcessProtocol(None) self.assertRaises(OSError, reactor.spawnProcess, protocol, None, uid=8080) self.assertEqual(self.mockos.actions, [('setuid', 0), ('setgid', 0), ("fork", False), ('setregid', 1235, 1234), ('setreuid', 1237, 1236)])
Example #24
Source File: daemon.py From shadowsocks with Apache License 2.0 | 5 votes |
def set_user(username): if username is None: return import pwd import grp try: pwrec = pwd.getpwnam(username) except KeyError: logging.error('user not found: %s' % username) raise user = pwrec[0] uid = pwrec[2] gid = pwrec[3] cur_uid = os.getuid() if uid == cur_uid: return if cur_uid != 0: logging.error('can not set user as nonroot user') # will raise later # inspired by supervisor if hasattr(os, 'setgroups'): groups = [grprec[2] for grprec in grp.getgrall() if user in grprec[3]] groups.insert(0, gid) os.setgroups(groups) os.setgid(gid) os.setuid(uid)
Example #25
Source File: daemon.py From ssr-ml with Apache License 2.0 | 5 votes |
def set_user(username): if username is None: return import pwd import grp try: pwrec = pwd.getpwnam(username) except KeyError: logging.error('user not found: %s' % username) raise user = pwrec[0] uid = pwrec[2] gid = pwrec[3] cur_uid = os.getuid() if uid == cur_uid: return if cur_uid != 0: logging.error('can not set user as nonroot user') # will raise later # inspired by supervisor if hasattr(os, 'setgroups'): groups = [grprec[2] for grprec in grp.getgrall() if user in grprec[3]] groups.insert(0, gid) os.setgroups(groups) os.setgid(gid) os.setuid(uid)
Example #26
Source File: common.py From certidude with MIT License | 5 votes |
def drop_privileges(): from certidude import config import pwd _, _, uid, gid, gecos, root, shell = pwd.getpwnam("certidude") restricted_groups = [] restricted_groups.append(gid) # PAM needs access to /etc/shadow if config.AUTHENTICATION_BACKENDS == {"pam"}: import grp name, passwd, num, mem = grp.getgrnam("shadow") click.echo("Adding current user to shadow group due to PAM authentication backend") restricted_groups.append(num) os.setgroups(restricted_groups) os.setgid(gid) os.setuid(uid) click.echo("Switched %s (pid=%d) to user %s (uid=%d, gid=%d); member of groups %s" % (getproctitle(), os.getpid(), "certidude", os.getuid(), os.getgid(), ", ".join([str(j) for j in os.getgroups()]))) os.umask(0o007)
Example #27
Source File: test_process.py From python-for-android with Apache License 2.0 | 5 votes |
def test_mockSetUidInParent(self): """ Try creating a process with setting its uid, in the parent path: it should switch to root before fork, then restore initial uid/gids. """ self.mockos.child = False cmd = '/mock/ouch' d = defer.Deferred() p = TrivialProcessProtocol(d) reactor.spawnProcess(p, cmd, ['ouch'], env=None, usePTY=False, uid=8080) self.assertEquals(self.mockos.actions, [('setuid', 0), ('setgid', 0), ('fork', False), ('setregid', 1235, 1234), ('setreuid', 1237, 1236), 'waitpid'])
Example #28
Source File: common.py From canari3 with GNU General Public License v3.0 | 5 votes |
def uproot(): if os.name == 'posix' and not os.geteuid(): login = getuser() if login != 'root': import pwd click.echo( 'Why are you using root to run this command? You should be using %s! Bringing you down...' % login, err=True ) user = pwd.getpwnam(login) os.setgid(user.pw_gid) os.setuid(user.pw_uid)
Example #29
Source File: daemon.py From shadowsocks with Apache License 2.0 | 5 votes |
def set_user(username): if username is None: return import pwd import grp try: pwrec = pwd.getpwnam(username) except KeyError: logging.error('user not found: %s' % username) raise user = pwrec[0] uid = pwrec[2] gid = pwrec[3] cur_uid = os.getuid() if uid == cur_uid: return if cur_uid != 0: logging.error('can not set user as nonroot user') # will raise later # inspired by supervisor if hasattr(os, 'setgroups'): groups = [grprec[2] for grprec in grp.getgrall() if user in grprec[3]] groups.insert(0, gid) os.setgroups(groups) os.setgid(gid) os.setuid(uid)
Example #30
Source File: changer.py From landscape-client with GNU General Public License v2.0 | 5 votes |
def run_package_reporter(self): """ Run the L{PackageReporter} if there were successfully completed tasks. """ if self.handled_tasks_count == 0: # Nothing was done return if os.getuid() == 0: os.setgid(grp.getgrnam("landscape").gr_gid) os.setuid(pwd.getpwnam("landscape").pw_uid) command = find_reporter_command(self._config) if self._config.config is not None: command += " -c %s" % self._config.config os.system(command)