Impersonate another user temporarily (Unix and Windows)

Chris Mellon arkanes at gmail.com
Thu Aug 23 13:13:26 CEST 2007


On 8/23/07, billiejoex <gnewsg at gmail.com> wrote:
> On 23 Ago, 10:38, Tim Golden <m... at timgolden.me.uk> wrote:
> > billiejoex wrote:
> > > Hi there. I'm writing a modification for a FTP server library I'm
> > > maintaining.
> > > Depending on the system I'd want to temporarily impersonate the logged
> > > user to perform actions on filesystem.
> > > Something like:
> >
> > > try:
> > >     change_user('user', 'password')
> > >     os.rmdir('dir')
> > > except:
> > >     print "some error"
> > > finally:
> > >     change_user('old_user', 'password')
> >
> > > On Unix I took at look at os.seteuid() and os.setegid() functions and
> > > I noticed they could be useful for my purpose.
> > > On Windows I have no idea about how could I emulate a similar
> > > behaviour.
> > > Could someone please point me in the right direction?
> >
> > (Warning: not tried, but at least gives you the things to Google for!)
> >
> > You need the win32security module from the pywin32 extensions. [1]
> > In particular, you want to look at the LogonUser and
> > ImpersonateLoggedOnUser functions.
> >
> > TJG
> >
> > [1]http://pywin32.sf.net- Nascondi testo tra virgolette -
> >
> > - Mostra testo tra virgolette -
>
> Thanks for suggestion.
> I made it.
>


Note that running your process as a user with enough priviledges to
impersonate another user pretty much eliminates all the benefits of
running as a low-priviledged user in the first place. Consider
re-thinking your application model and having an "ftp" user instead.



More information about the Python-list mailing list