Path: csiph.com!usenet.pasdenom.info!gegeweb.org!de-l.enfer-du-nord.net!feeder1.enfer-du-nord.net!feeds.phibee-telecom.net!newsfeed.xs4all.nl!newsfeed3.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.001 X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'scripts': 0.03; 'explicitly': 0.05; 'that?': 0.05; 'only,': 0.07; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'variable,': 0.09; 'runs': 0.10; 'python': 0.11; 'apache': 0.15; 'filesystem': 0.16; 'ids.': 0.16; 'message-id:@4ax.com': 0.16; 'os.getcwd()': 0.16; 'received:80.91.229.3': 0.16; 'received:plane.gmane.org': 0.16; 'retrieving': 0.16; 'sorts': 0.16; 'win7': 0.16; 'demonstrate': 0.16; 'prevent': 0.16; 'sat,': 0.16; 'module': 0.19; 'ownership': 0.19; '>>>': 0.22; 'import': 0.22; 'url:home': 0.24; '(or': 0.24; 'environment': 0.24; 'script': 0.25; 'least': 0.26; 'header:X-Complaints-To:1': 0.27; 'rest': 0.29; 'unix': 0.29; "doesn't": 0.30; "i'm": 0.30; '(which': 0.31; 'bunch': 0.31; 'file': 0.32; 'run': 0.32; 'running': 0.33; 'subject:from': 0.34; 'could': 0.34; "can't": 0.35; 'something': 0.35; 'operations': 0.35; 'test': 0.35; 'there': 0.35; 'skip:> 10': 0.36; 'charset:us- ascii': 0.36; 'should': 0.36; 'level': 0.37; 'received:76': 0.38; 'skip:o 20': 0.38; 'configured': 0.38; 'to:addr:python-list': 0.38; 'anything': 0.39; 'itself': 0.39; 'sure': 0.39; 'to:addr:python.org': 0.39; 'changed': 0.39; 'system.': 0.39; 'received:org': 0.40; 'guy': 0.60; 'real': 0.63; 'such': 0.63; 'anything.': 0.68; 'nobody': 0.68; 'jul': 0.74; '95%': 0.84; 'subject:Location': 0.84; '2013': 0.98 X-Injected-Via-Gmane: http://gmane.org/ To: python-list@python.org From: Dennis Lee Bieber Subject: Re: Geo Location extracted from visitors ip address Date: Sat, 06 Jul 2013 10:43:16 -0400 Organization: IISS Elusive Unicorn References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Gmane-NNTP-Posting-Host: adsl-76-249-28-241.dsl.klmzmi.sbcglobal.net X-Newsreader: Forte Agent 6.00/32.1186 X-No-Archive: YES X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 40 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1373121805 news.xs4all.nl 15977 [2001:888:2000:d::a6]:59221 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:50066 On Sat, 06 Jul 2013 10:10:22 +0300, ????? Gr33k declaimed the following: >It was some guy form hostgator.com that had told me that a python script >has the same level of access to anything on the filesystem as its >coressponding user running it, implying that if i run it under user >'root' the python script could access anything. > Yes, IF YOU RUN IT UNDER "root"... The ownership of the script file doesn't control the privileges it runs under as long as the file itself is read-access to other "users". >Are you sure that python scripts run under Apache user or Nobody user in >my case and not as user 'nikos' ? > That is the /normal/ way a web-server (or any server) should be configured -- explicitly to prevent operations from leaking into the rest of the system. >Is there some way to test that? > There are a whole bunch of methods in the os module (which I can't demonstrate as 95% of them are UNIX type OS only, and I'm running under Win7). All sorts of things for retrieving group and user IDs. Only thing I can access on Win7 is the least reliable items... (username is an environment variable, and as such could have been changed from the real user by something in the startup) >>> import os >>> os.environ["username"] 'Wulfraed' >>> os.getcwd() 'C:\\Users\\Wulfraed' >>> -- Wulfraed Dennis Lee Bieber AF6VN wlfraed@ix.netcom.com HTTP://wlfraed.home.netcom.com/