Matt forgot to CC the list (then so did I).
----- Forwarded message from Andrew Bennetts <andrew-twisted(a)puzzling.org> -----
Date: Wed, 6 Apr 2005 12:16:40 +1000
From: Andrew Bennetts <andrew-twisted(a)puzzling.org>
To: Matt Feifarek <matt.feifarek(a)gmail.com>
Subject: Re: [Twisted-Python] shedding root
On Tue, Apr 05, 2005 at 09:25:17PM -0400, Matt Feifarek wrote:
> For some boring reasons, I can't really structure my whole app as a
> twisted app; I just need some little twisted bits.
> It seems that it's hard to do that; you really have to drink the whole
> kool-aid to use twisted.
It's not too hard, it's just not particularly visibly documented, because
it's not the usual case.
twistd uses twisted.application. You'll want to do something like:
from twisted.application import service
from twisted.scripts.twistd import shedPrivileges
from twisted.internet import reactor
app = service.Application('foo')
myservice = mymodule.MyService(...)
shedPrivileges(euid, uid, gid)
Where MyService is a subclass of service.Service that overrides startService
and privilegedStartService. You can attach any number of these to the
service.Applicaiton with setServiceParent. Basically, this is the same as
you'd do in a .tac file, followed by direct calls to privilegedStartService,
shedPrivileges, startService, etc, rather than relying on twistd to do them.
Services in twisted.application.internet, such as TCPService, already define
appropriate privilegedStartService methods.
If all you need is allowing non-root users to bind to privileged ports, you
might find the authbind utility from debian to be a useful way to leave your
code ignorant of these matters.
----- End forwarded message -----