[Twisted-Python] SetUID per XML RPC client
Dear all, What Im trying to do is the following. Please suggest whether this makes sense or not (I dont think it does- so am asking for suggestions!): 1. I have a XML RPC Server using xmlrpc.XMLRPC 2. Clients connect to it using SSL (am using reactor.listenSSL with a custom context factory) 3. This server (or agent) is being used for sys admin tasks. I want to connect, auth and then be able to do various sys admin tasks which the XMLRPC server lets them do. 4. What i wish to be able to do is that a UID/GID is set (based on their auth credentials) for that particular request. I personally think this is impossible to do with threads. I have done something simliar using Fork & C though. Doing os.setuid works but (obviously) changes the main process's UID which is not what I want. Any advice would be highly appreciated. -- Faraz R Khan Chief Architect Emergen Consulting Pvt Ltd www.emergen.biz
Faraz Khan wrote:
Dear all, What Im trying to do is the following. Please suggest whether this makes sense or not (I dont think it does- so am asking for suggestions!):
1. I have a XML RPC Server using xmlrpc.XMLRPC 2. Clients connect to it using SSL (am using reactor.listenSSL with a custom context factory)
3. This server (or agent) is being used for sys admin tasks. I want to connect, auth and then be able to do various sys admin tasks which the XMLRPC server lets them do.
4. What i wish to be able to do is that a UID/GID is set (based on their auth credentials) for that particular request.
I personally think this is impossible to do with threads. I have done something simliar using Fork & C though.
It may or may not be possible with threads, but it doesn't matter because Twisted doesn't use threads. It's single-process, single-thread async/event driven. You will not be able to setuid effectively in the main Twisted program.
Doing os.setuid works but (obviously) changes the main process's UID which is not what I want.
Any advice would be highly appreciated.
Run child processes doing the actual admin tasks.
Any advice would be highly appreciated.
Run child processes doing the actual admin tasks.
You mean respawn a different process altogether using os.respawn or the likes? Thats what I would think- was just hoping for a less wasteful approach but I guess there is none. Thanks! -- Faraz R Khan Chief Architect Emergen Consulting Pvt Ltd www.emergen.biz
Faraz Khan wrote:
Any advice would be highly appreciated.
Run child processes doing the actual admin tasks.
You mean respawn a different process altogether using os.respawn or the
Yes, but you'll need to use the Twisted process support e.g. see twisted.internet.utils.getProcess*
likes? Thats what I would think- was just hoping for a less wasteful approach but I guess there is none.
participants (2)
-
Faraz Khan -
Phil Mayers