| From | Ben Finney <ben+python@benfinney.id.au> |
|---|---|
| Newsgroups | comp.lang.python |
| Subject | Re: Inconsistency between os.getgroups and os.system('groups') after os.setgroups() |
| Date | Mon, 26 Mar 2012 11:22:10 +1100 |
| Message-ID | <87ty1cgqj1.fsf@benfinney.id.au> |
jeff <3beezer@gmail.com> writes:
> On Sunday, March 25, 2012 4:04:55 PM UTC-6, Heiko Wundram wrote:
> > On 25.03.2012 23:32, jeff wrote:
> > > but I have to be able to get back to root privilege so I can't use
> > > setgid and setuid.
> >
> > Simply not possible (i.e., you can't drop root privileges, be it by
> > setuid()/setgid() or removing yourself from groups with setgroups()),
> > and later reacquire them _in the same process_. See the discussion of
> > how to implement privilege separation at
> >
> > http://www.citi.umich.edu/u/provos/ssh/privsep.html
>
> os.system("su -m <unprivileged_user> -c '<command string>'")
>
> seems to do the trick.
Yes, because ‘os.system’ explicitly starts a new process.
It can't be done in the same process, as Heiko correctly said.
--
\ “Faith, n. Belief without evidence in what is told by one who |
`\ speaks without knowledge, of things without parallel.” —Ambrose |
_o__) Bierce, _The Devil's Dictionary_, 1906 |
Ben Finney
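
Added example, not part of the original post: the pattern the thread arrives at, where a forked child drops root irreversibly while the parent keeps it. The names `drop_privileges`, `run_dropped` and `current_ids` are hypothetical, and UID/GID 65534 (nobody/nogroup) is an assumption about the target system.

```python
import json
import os

def drop_privileges(uid, gid):
    """Permanently give up root in the calling process (order matters)."""
    os.setgroups([])  # clear supplementary groups while still root
    os.setgid(gid)    # then the group IDs
    os.setuid(uid)    # user ID last: as root this sets real, effective and saved UID
    try:
        os.setuid(0)  # must fail now: this process has no way back to root
    except PermissionError:
        return
    raise RuntimeError("privilege drop did not stick")

def current_ids():
    return {"uid": os.getuid(), "euid": os.geteuid(),
            "gid": os.getgid(), "groups": os.getgroups()}

def run_dropped(func, uid, gid):
    """Run func() in a forked child as uid/gid; return (exit_code, result).

    Only the child changes its IDs, so the parent keeps its privileges.
    """
    if os.geteuid() != 0 and (uid, gid) != (os.getuid(), os.getgid()):
        raise PermissionError("only root can switch to another user")
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:  # child
        code = 1
        try:
            os.close(rfd)
            if os.geteuid() == 0:
                drop_privileges(uid, gid)
            os.write(wfd, json.dumps(func()).encode())
            code = 0
        finally:
            os._exit(code)  # never fall through into the parent's code path
    os.close(wfd)
    with os.fdopen(rfd, "rb") as pipe:
        data = pipe.read()
    _, status = os.waitpid(pid, 0)
    return os.waitstatus_to_exitcode(status), (json.loads(data) if data else None)

if __name__ == "__main__":
    # 65534 is assumed to be nobody/nogroup; adjust for the target system.
    target = (65534, 65534) if os.geteuid() == 0 else (os.getuid(), os.getgid())
    print("child :", run_dropped(current_ids, *target))
    print("parent:", current_ids())
```

A non-zero exit code with a `None` result means the child could not complete the drop, for example because the kernel refused `setgroups()` inside a restricted user namespace.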