Matt forgot to CC the list (then so did I). ----- Forwarded message from Andrew Bennetts <andrew-twisted@puzzling.org> ----- Date: Wed, 6 Apr 2005 12:16:40 +1000 From: Andrew Bennetts <andrew-twisted@puzzling.org> To: Matt Feifarek <matt.feifarek@gmail.com> Subject: Re: [Twisted-Python] shedding root User-Agent: Mutt/1.5.6+20040907i On Tue, Apr 05, 2005 at 09:25:17PM -0400, Matt Feifarek wrote:

Thanks.

For some boring reasons, I can't really structure my whole app as a twisted app; I just need some little twisted bits.

It seems that it's hard to do that; you really have to drink the whole kool-aid to use twisted.

It's not too hard, it's just not particularly visibly documented, because it's not the usual case. twistd uses twisted.application. You'll want to do something like: from twisted.application import service from twisted.scripts.twistd import shedPrivileges from twisted.internet import reactor import mymodule app = service.Application('foo') myservice = mymodule.MyService(...) myservice.setServiceParent(app) service.IService(app).privilegedStartService() shedPrivileges(euid, uid, gid) service.IService(app).startService() reactor.addSystemEventTrigger('before', 'shutdown', service.IService(app).stopService) reactor.run() Where MyService is a subclass of service.Service that overrides startService and privilegedStartService. You can attach any number of these to the service.Applicaiton with setServiceParent. Basically, this is the same as you'd do in a .tac file, followed by direct calls to privilegedStartService, shedPrivileges, startService, etc, rather than relying on twistd to do them. Services in twisted.application.internet, such as TCPService, already define appropriate privilegedStartService methods. If all you need is allowing non-root users to bind to privileged ports, you might find the authbind utility from debian to be a useful way to leave your code ignorant of these matters. -Andrew. ----- End forwarded message -----