Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #22146

Inconsistency between os.getgroups and os.system('groups') after os.setgroups()

From jeff <3beezer@gmail.com>
Newsgroups comp.lang.python
Subject Inconsistency between os.getgroups and os.system('groups') after os.setgroups()
Date 2012-03-25 14:32 -0700
Organization http://groups.google.com
Message-ID <19158239.1073.1332711120749.JavaMail.geo-discussion-forums@ynlx41> (permalink)

Show all headers | View raw

Run this test program as root:

import os

print "before:", os.getgroups()
os.system("groups")
os.setgroups([])
print "after:", os.getgroups()
os.system("groups")

After the os.setgroups, os.getgroups says that the process is not in any groups, just as you would expect.  However the groups command run using os.system says that the process is in the root group.  It appears that the new process started by os.system augments the group membership specified in the os.setgroups command with the group of the actual user of the original process (which is root).  I can suppress membership in the root group only by doing os.setgid and os.setuid before the os.system call (in which case I wind up in the group of the new user instead of root), but I have to be able to get back to root privilege so I can't use setgid and setuid.  How do I run a program from a Python script running as root such that the group membership of the process running the program does not include root?

Back to comp.lang.python | Previous | NextNext in thread | Find similar | Unroll thread

Thread

Inconsistency between os.getgroups and os.system('groups') after os.setgroups() jeff <3beezer@gmail.com> - 2012-03-25 14:32 -0700
  Re: Inconsistency between os.getgroups and os.system('groups') after os.setgroups() Heiko Wundram <modelnine@modelnine.org> - 2012-03-26 00:04 +0200
    Re: Inconsistency between os.getgroups and os.system('groups') after os.setgroups() jeff <3beezer@gmail.com> - 2012-03-25 16:33 -0700
    Re: Inconsistency between os.getgroups and os.system('groups') after os.setgroups() jeff <3beezer@gmail.com> - 2012-03-25 16:33 -0700
      Re: Inconsistency between os.getgroups and os.system('groups') after os.setgroups() Ben Finney <ben+python@benfinney.id.au> - 2012-03-26 11:22 +1100
        Re: Inconsistency between os.getgroups and os.system('groups') after os.setgroups() jeff <3beezer@gmail.com> - 2012-03-26 07:41 -0700

csiph-web