Python os.setgroups() Examples
The following are 30
code examples of os.setgroups().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
os
, or try the search function
.
.
Example #1
| Source File: cmd_server_ftp.py From habu with BSD 3-Clause "New" or "Revised" License | 6 votes |
|
def drop_privileges():
if os.getuid() != 0:
return
if 'SUDO_UID' not in os.environ:
return
pwnam = pwd.getpwuid(int(os.environ['SUDO_UID']))
print('Dropping privileges and going to user', pwnam.pw_name)
# Remove group privileges
os.setgroups([])
# Try setting the new uid/gid
os.setgid(pwnam.pw_gid)
os.setuid(pwnam.pw_uid)
# Ensure a reasonable umask
os.umask(0o22)
return True
Example #2
| Source File: utils.py From barman with GNU General Public License v3.0 | 6 votes |
|
def drop_privileges(user):
"""
Change the system user of the current python process.
It will only work if called as root or as the target user.
:param string user: target user
:raise KeyError: if the target user doesn't exists
:raise OSError: when the user change fails
"""
pw = pwd.getpwnam(user)
if pw.pw_uid == os.getuid():
return
groups = [e.gr_gid for e in grp.getgrall() if pw.pw_name in e.gr_mem]
groups.append(pw.pw_gid)
os.setgroups(groups)
os.setgid(pw.pw_gid)
os.setuid(pw.pw_uid)
os.environ['HOME'] = pw.pw_dir
Example #3
| Source File: local.py From dask-gateway with BSD 3-Clause "New" or "Revised" License | 6 votes |
|
def make_preexec_fn(self, cluster): # pragma: nocover
# Borrowed and modified from jupyterhub/spawner.py
pwnam = getpwnam(cluster.username)
uid = pwnam.pw_uid
gid = pwnam.pw_gid
groups = [g.gr_gid for g in grp.getgrall() if cluster.username in g.gr_mem]
workdir = cluster.state["workdir"]
def preexec():
os.setgid(gid)
try:
os.setgroups(groups)
except Exception as e:
print("Failed to set groups %s" % e, file=sys.stderr)
os.setuid(uid)
os.chdir(workdir)
return preexec
Example #4
| Source File: mock.py From mock with GNU General Public License v2.0 | 6 votes |
|
def setup_uid_manager(mockgid):
unprivUid = os.getuid()
unprivGid = os.getgid()
# sudo
if os.environ.get("SUDO_UID") is not None:
unprivUid = int(os.environ['SUDO_UID'])
os.setgroups((mockgid,))
unprivGid = int(os.environ['SUDO_GID'])
# consolehelper
if os.environ.get("USERHELPER_UID") is not None:
unprivUid = int(os.environ['USERHELPER_UID'])
unprivName = pwd.getpwuid(unprivUid).pw_name
secondary_groups = [g.gr_gid for g in grp.getgrall() if unprivName in g.gr_mem]
os.setgroups([mockgid] + secondary_groups)
unprivGid = pwd.getpwuid(unprivUid)[3]
uidManager = mockbuild.uid.UidManager(unprivUid, unprivGid)
return uidManager
Example #5
| Source File: util.py From python-for-android with Apache License 2.0 | 6 votes |
|
def _setgroups_until_success(l):
while(1):
# NASTY NASTY HACK (but glibc does it so it must be okay):
# In case sysconfig didn't give the right answer, find the limit
# on max groups by just looping, trying to set fewer and fewer
# groups each time until it succeeds.
try:
setgroups(l)
except ValueError:
# This exception comes from python itself restricting
# number of groups allowed.
if len(l) > 1:
del l[-1]
else:
raise
except OSError, e:
if e.errno == errno.EINVAL and len(l) > 1:
# This comes from the OS saying too many groups
del l[-1]
else:
raise
else:
# Success, yay!
return
Example #6
| Source File: acehttp.py From HTTPAceProxy with GNU General Public License v3.0 | 6 votes |
|
def drop_privileges(uid_name='nobody', gid_name='nogroup'):
try: import pwd, grp
except ImportError: return False # Windows
# Get the uid/gid from the name
running_uid = pwd.getpwnam(uid_name).pw_uid
running_uid_home = pwd.getpwnam(uid_name).pw_dir
running_gid = grp.getgrnam(gid_name).gr_gid
# Remove group privileges
os.setgroups([])
# Try setting the new uid/gid
os.setgid(running_gid)
os.setuid(running_uid)
# Ensure a very conservative umask
old_umask = os.umask(int('077', 8))
value = (os.getuid() == running_uid and os.getgid() == running_gid)
if value: # could be useful
os.environ['HOME'] = running_uid_home
logger.info('Changed permissions to: %s: %i, %s, %i' % (uid_name, running_uid, gid_name, running_gid))
return value
Example #7
| Source File: proctools.py From pycopia with Apache License 2.0 | 6 votes |
|
def run_as(pwent, umask=0o22):
"""Drop privileges to given user's password entry, and set up
environment. Assumes the parent process has root privileges.
"""
os.umask(umask)
home = pwent.home
try:
os.chdir(home)
except OSError:
os.chdir("/")
# drop privs to user
os.setgroups(pwent.groups)
os.setgid(pwent.gid)
os.setegid(pwent.gid)
os.setuid(pwent.uid)
os.seteuid(pwent.uid)
os.environ["HOME"] = home
os.environ["USER"] = pwent.name
os.environ["LOGNAME"] = pwent.name
os.environ["SHELL"] = pwent.shell
os.environ["PATH"] = "/bin:/usr/bin:/usr/local/bin"
return None
Example #8
| Source File: fwaudit.py From fwaudit with GNU General Public License v2.0 | 6 votes |
|
def set_groups(path, new_uid, new_gid, verbose=True):
'''For sudo case, set GID to non-SuperUser value.'''
if not app_state['sudo_based_usage']:
debug('set_groups: called for non-sudo use')
return False
try:
debug('Changing file owner: file=' + path + ', uid=' + str(new_uid))
new_gid_list = []
new_gid_list = os.getgroups()
if verbose:
debug('os.getgroups: new_gid_list: ' + str(new_gid_list))
os.setgroups([])
if verbose:
debug('calling os.setgroups(' + str(new_gid_list) + ')..')
# os.setgroups(new_gid_list) # XXX macOS: ValueError: too many groups
os.setgroups([new_gid_list[0]]) # XXX macOS: ValueError: too many groups
if verbose:
debug('calling os.setgid(' + str(new_gid) + ')..')
os.setgid(new_gid)
except OSError as e:
critical(e, 'Unable to to update UID on file: ' + path)
sys.exc_info()
log('Exception ' + str(e.errno) + ': ' + str(e))
return False
return True
Example #9
| Source File: utils.py From treadmill with Apache License 2.0 | 6 votes |
|
def drop_privileges(uid_name='nobody'):
"""Drop root privileges."""
if os.getuid() != 0:
# We're not root, nothing to do.
return
# Get the uid/gid from the name
(running_uid, _gid) = get_uid_gid(uid_name)
# Remove group privileges
os.setgroups([])
# Try setting the new uid/gid
os.setuid(running_uid)
# Ensure a very conservative umask
os.umask(0o77)
# TODO: probably redundant, as it will not have access to the
# cred cache anyway.
os.environ['KRB5CCNAME'] = 'FILE:/no_such_krbcc'
Example #10
| Source File: unix.py From BitTorrent with GNU General Public License v3.0 | 5 votes |
|
def _runAsUser(self, f, *args, **kw):
euid = os.geteuid()
egid = os.getegid()
groups = os.getgroups()
uid, gid = self.getUserGroupId()
os.setegid(0)
os.seteuid(0)
os.setgroups(self.getOtherGroups())
os.setegid(gid)
os.seteuid(uid)
try:
f = iter(f)
except TypeError:
f = [(f, args, kw)]
try:
for i in f:
func = i[0]
args = len(i)>1 and i[1] or ()
kw = len(i)>2 and i[2] or {}
r = func(*args, **kw)
finally:
os.setegid(0)
os.seteuid(0)
os.setgroups(groups)
os.setegid(egid)
os.seteuid(euid)
return r
Example #11
| Source File: daemon.py From shadowsocks-rm with Apache License 2.0 | 5 votes |
|
def set_user(username):
if username is None:
return
import pwd
import grp
try:
pwrec = pwd.getpwnam(username)
except KeyError:
logging.error('user not found: %s' % username)
raise
user = pwrec[0]
uid = pwrec[2]
gid = pwrec[3]
cur_uid = os.getuid()
if uid == cur_uid:
return
if cur_uid != 0:
logging.error('can not set user as nonroot user')
# will raise later
# inspired by supervisor
if hasattr(os, 'setgroups'):
groups = [grprec[2] for grprec in grp.getgrall() if user in grprec[3]]
groups.insert(0, gid)
os.setgroups(groups)
os.setgid(gid)
os.setuid(uid)
Example #12
| Source File: unix.py From python-for-android with Apache License 2.0 | 5 votes |
|
def _runAsUser(self, f, *args, **kw):
euid = os.geteuid()
egid = os.getegid()
groups = os.getgroups()
uid, gid = self.getUserGroupId()
os.setegid(0)
os.seteuid(0)
os.setgroups(self.getOtherGroups())
os.setegid(gid)
os.seteuid(uid)
try:
f = iter(f)
except TypeError:
f = [(f, args, kw)]
try:
for i in f:
func = i[0]
args = len(i)>1 and i[1] or ()
kw = len(i)>2 and i[2] or {}
r = func(*args, **kw)
finally:
os.setegid(0)
os.seteuid(0)
os.setgroups(groups)
os.setegid(egid)
os.seteuid(euid)
return r
Example #13
| Source File: daemon.py From ShadowSocks with Apache License 2.0 | 5 votes |
|
def set_user(username):
if username is None:
return
import pwd
import grp
try:
pwrec = pwd.getpwnam(username)
except KeyError:
logging.error('user not found: %s' % username)
raise
user = pwrec[0]
uid = pwrec[2]
gid = pwrec[3]
cur_uid = os.getuid()
if uid == cur_uid:
return
if cur_uid != 0:
logging.error('can not set user as nonroot user')
# will raise later
# inspired by supervisor
if hasattr(os, 'setgroups'):
groups = [grprec[2] for grprec in grp.getgrall() if user in grprec[3]]
groups.insert(0, gid)
os.setgroups(groups)
os.setgid(gid)
os.setuid(uid)
Example #14
| Source File: test_binaries.py From reconbf with Apache License 2.0 | 5 votes |
|
def _safe_child(to_exec, q, uid, gid):
try:
os.setgroups([])
os.setregid(gid, gid)
os.setreuid(uid, uid)
res = subprocess.check_output(to_exec, stderr=open(os.devnull, 'w'))
q.put(res)
except Exception as e:
q.put(e)
Example #15
| Source File: runscript.py From scriptform with GNU General Public License v3.0 | 5 votes |
|
def run_as(uid, gid, groups):
"""
Closure that changes the current running user and groups. Called before
executing scripts by Subprocess.
"""
def set_acc():
"""
Change user and groups
"""
os.setgroups(groups)
os.setgid(gid)
os.setuid(uid)
return set_acc
Example #16
| Source File: daemon.py From shadowsocksr-python with Apache License 2.0 | 5 votes |
|
def set_user(username):
if username is None:
return
import pwd
import grp
try:
pwrec = pwd.getpwnam(username)
except KeyError:
logging.error('user not found: %s' % username)
raise
user = pwrec[0]
uid = pwrec[2]
gid = pwrec[3]
cur_uid = os.getuid()
if uid == cur_uid:
return
if cur_uid != 0:
logging.error('can not set user as nonroot user')
# will raise later
# inspired by supervisor
if hasattr(os, 'setgroups'):
groups = [grprec[2] for grprec in grp.getgrall() if user in grprec[3]]
groups.insert(0, gid)
os.setgroups(groups)
os.setgid(gid)
os.setuid(uid)
Example #17
| Source File: daemon.py From shadowsocks-with-socks-auth with Apache License 2.0 | 5 votes |
|
def set_user(username):
if username is None:
return
import pwd
import grp
try:
pwrec = pwd.getpwnam(username)
except KeyError:
logging.error('user not found: %s' % username)
raise
user = pwrec[0]
uid = pwrec[2]
gid = pwrec[3]
cur_uid = os.getuid()
if uid == cur_uid:
return
if cur_uid != 0:
logging.error('can not set user as nonroot user')
# will raise later
# inspired by supervisor
if hasattr(os, 'setgroups'):
groups = [grprec[2] for grprec in grp.getgrall() if user in grprec[3]]
groups.insert(0, gid)
os.setgroups(groups)
os.setgid(gid)
os.setuid(uid)
Example #18
| Source File: util.py From sqlchain with MIT License | 5 votes |
|
def drop2user(cfg, chown=False):
if ('user' in cfg) and (cfg['user'] != '') and (os.getuid() == 0):
pw = pwd.getpwnam(cfg['user'])
if chown:
logfile = cfg['log'] if 'log' in cfg else sys.argv[0]+'.log'
pidfile = cfg['pid'] if 'pid' in cfg else sys.argv[0]+'.pid'
if os.path.exists(logfile):
os.chown(logfile, pw.pw_uid, pw.pw_gid)
if os.path.exists(pidfile):
os.chown(pidfile, pw.pw_uid, pw.pw_gid)
os.setgroups([])
os.setgid(pw.pw_gid)
os.setuid(pw.pw_uid)
os.umask(0022)
log('Dropped to user %s' % cfg['user'])
Example #19
| Source File: snappy.py From maas with GNU Affero General Public License v3.0 | 5 votes |
|
def change_user(username, effective=False):
"""Change running user, by default to the non-root user."""
running_uid = pwd.getpwnam(username).pw_uid
running_gid = grp.getgrnam(username).gr_gid
os.setgroups([])
if effective:
os.setegid(running_gid)
os.seteuid(running_uid)
else:
os.setgid(running_gid)
os.setuid(running_uid)
Example #20
| Source File: daemon.py From shadowsocks-analysis with Apache License 2.0 | 5 votes |
|
def set_user(username):
if username is None:
return
import pwd
import grp
try:
pwrec = pwd.getpwnam(username)
except KeyError:
logging.error('user not found: %s' % username)
raise
user = pwrec[0]
uid = pwrec[2]
gid = pwrec[3]
cur_uid = os.getuid()
if uid == cur_uid:
return
if cur_uid != 0:
logging.error('can not set user as nonroot user')
# will raise later
# inspired by supervisor
if hasattr(os, 'setgroups'):
groups = [grprec[2] for grprec in grp.getgrall() if user in grprec[3]]
groups.insert(0, gid)
os.setgroups(groups)
os.setgid(gid)
os.setuid(uid)
Example #21
| Source File: common.py From certidude with MIT License | 5 votes |
|
def drop_privileges():
from certidude import config
import pwd
_, _, uid, gid, gecos, root, shell = pwd.getpwnam("certidude")
restricted_groups = []
restricted_groups.append(gid)
# PAM needs access to /etc/shadow
if config.AUTHENTICATION_BACKENDS == {"pam"}:
import grp
name, passwd, num, mem = grp.getgrnam("shadow")
click.echo("Adding current user to shadow group due to PAM authentication backend")
restricted_groups.append(num)
os.setgroups(restricted_groups)
os.setgid(gid)
os.setuid(uid)
click.echo("Switched %s (pid=%d) to user %s (uid=%d, gid=%d); member of groups %s" %
(getproctitle(), os.getpid(), "certidude", os.getuid(), os.getgid(), ", ".join([str(j) for j in os.getgroups()])))
os.umask(0o007)
Example #22
| Source File: daemon.py From ssrr with Apache License 2.0 | 5 votes |
|
def set_user(username):
if username is None:
return
import pwd
import grp
try:
pwrec = pwd.getpwnam(username)
except KeyError:
logging.error('user not found: %s' % username)
raise
user = pwrec[0]
uid = pwrec[2]
gid = pwrec[3]
cur_uid = os.getuid()
if uid == cur_uid:
return
if cur_uid != 0:
logging.error('can not set user as nonroot user')
# will raise later
# inspired by supervisor
if hasattr(os, 'setgroups'):
groups = [grprec[2] for grprec in grp.getgrall() if user in grprec[3]]
groups.insert(0, gid)
os.setgroups(groups)
os.setgid(gid)
os.setuid(uid)
Example #23
| Source File: daemon.py From SSRSpeed with GNU General Public License v3.0 | 5 votes |
|
def set_user(username):
if username is None:
return
import pwd
import grp
try:
pwrec = pwd.getpwnam(username)
except KeyError:
logging.error('user not found: %s' % username)
raise
user = pwrec[0]
uid = pwrec[2]
gid = pwrec[3]
cur_uid = os.getuid()
if uid == cur_uid:
return
if cur_uid != 0:
logging.error('can not set user as nonroot user')
# will raise later
# inspired by supervisor
if hasattr(os, 'setgroups'):
groups = [grprec[2] for grprec in grp.getgrall() if user in grprec[3]]
groups.insert(0, gid)
os.setgroups(groups)
os.setgid(gid)
os.setuid(uid)
Example #24
| Source File: daemon.py From ShadowsocksFork with Apache License 2.0 | 5 votes |
|
def set_user(username):
if username is None:
return
import pwd
import grp
try:
pwrec = pwd.getpwnam(username)
except KeyError:
logging.error('user not found: %s' % username)
raise
user = pwrec[0]
uid = pwrec[2]
gid = pwrec[3]
cur_uid = os.getuid()
if uid == cur_uid:
return
if cur_uid != 0:
logging.error('can not set user as nonroot user')
# will raise later
# inspired by supervisor
if hasattr(os, 'setgroups'):
groups = [grprec[2] for grprec in grp.getgrall() if user in grprec[3]]
groups.insert(0, gid)
os.setgroups(groups)
os.setgid(gid)
os.setuid(uid)
Example #25
| Source File: qdisc_tool.py From synapse-tools with Apache License 2.0 | 5 votes |
|
def drop_perms() -> None:
user = getpwnam(os.environ.get('SUDO_USER', 'nobody'))
uid = user.pw_uid
gid = user.pw_gid
os.setgroups([])
os.setgid(gid)
os.setuid(uid)
Example #26
| Source File: unix.py From Safejumper-for-Desktop with GNU General Public License v2.0 | 5 votes |
|
def _runAsUser(self, f, *args, **kw):
euid = os.geteuid()
egid = os.getegid()
groups = os.getgroups()
uid, gid = self.getUserGroupId()
os.setegid(0)
os.seteuid(0)
os.setgroups(self.getOtherGroups())
os.setegid(gid)
os.seteuid(uid)
try:
f = iter(f)
except TypeError:
f = [(f, args, kw)]
try:
for i in f:
func = i[0]
args = len(i) > 1 and i[1] or ()
kw = len(i) > 2 and i[2] or {}
r = func(*args, **kw)
finally:
os.setegid(0)
os.seteuid(0)
os.setgroups(groups)
os.setegid(egid)
os.seteuid(euid)
return r
Example #27
| Source File: daemon.py From neverendshadowsocks with Apache License 2.0 | 5 votes |
|
def set_user(username):
if username is None:
return
import pwd
import grp
try:
pwrec = pwd.getpwnam(username)
except KeyError:
logging.error('user not found: %s' % username)
raise
user = pwrec[0]
uid = pwrec[2]
gid = pwrec[3]
cur_uid = os.getuid()
if uid == cur_uid:
return
if cur_uid != 0:
logging.error('can not set user as nonroot user')
# will raise later
# inspired by supervisor
if hasattr(os, 'setgroups'):
groups = [grprec[2] for grprec in grp.getgrall() if user in grprec[3]]
groups.insert(0, gid)
os.setgroups(groups)
os.setgid(gid)
os.setuid(uid)
Example #28
| Source File: serve.py From pulsar with Apache License 2.0 | 5 votes |
|
def change_user_group(self, user, group):
if not user and not group:
return
import pwd, grp
uid = gid = None
if group:
try:
gid = int(group)
group = grp.getgrgid(gid).gr_name
except ValueError:
import grp
try:
entry = grp.getgrnam(group)
except KeyError:
raise BadCommand(
"Bad group: %r; no such group exists" % group)
gid = entry.gr_gid
try:
uid = int(user)
user = pwd.getpwuid(uid).pw_name
except ValueError:
try:
entry = pwd.getpwnam(user)
except KeyError:
raise BadCommand(
"Bad username: %r; no such user exists" % user)
if not gid:
gid = entry.pw_gid
uid = entry.pw_uid
if self.verbose > 0:
print('Changing user to %s:%s (%s:%s)' % (
user, group or '(unknown)', uid, gid))
if hasattr(os, 'initgroups'):
os.initgroups(user, gid)
else:
os.setgroups([e.gr_gid for e in grp.getgrall()
if user in e.gr_mem] + [gid])
if gid:
os.setgid(gid)
if uid:
os.setuid(uid)
Example #29
| Source File: eap_proxy.py From eap_proxy with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def run_as(username, groupname=""):
"""Switch process to run as `username` and optionally `groupname`."""
pw = pwd.getpwnam(username)
uid = pw.pw_uid
gid = grp.getgrnam(groupname).gr_gid if groupname else pw.pw_gid
os.setgroups([])
os.setgid(gid)
os.setuid(uid)
Example #30
| Source File: daemon.py From shadowsocksr with Apache License 2.0 | 5 votes |
|
def set_user(username):
if username is None:
return
import pwd
import grp
try:
pwrec = pwd.getpwnam(username)
except KeyError:
logging.error('user not found: %s' % username)
raise
user = pwrec[0]
uid = pwrec[2]
gid = pwrec[3]
cur_uid = os.getuid()
if uid == cur_uid:
return
if cur_uid != 0:
logging.error('can not set user as nonroot user')
# will raise later
# inspired by supervisor
if hasattr(os, 'setgroups'):
groups = [grprec[2] for grprec in grp.getgrall() if user in grprec[3]]
groups.insert(0, gid)
os.setgroups(groups)
os.setgid(gid)
os.setuid(uid)
