Change user on UNIX

Giampaolo Rodola' gnewsg at gmail.com
Thu Mar 27 22:28:45 EDT 2008


Sorry for replying so late.

I'll try to describe what I'm actually trying to implement so that
maybe it can help you understand a little better.
The application is an asynchronous FTP server implementation.
I decided that it would be desirable to change the current
implementation so that every time a filesystem operation is going to
be made I temporarily change the current process ID to reflect the
current logged-in user, execute the filesystem call and then switch
back to the original process ID.

Pseudo code:

def STOR(filename):
     authorizer = UnixAuthorizer()
     authorizer.impersonate_user(current_logged_in_user)
     try:
         f = open(filename, 'w')
     finally:
         authorizer.terminate_impersonation()
     ...

The UnixAuthorizer class is expected to provide the mechanism to
change the current user (presumably via os.setegid()/os.seteuid()) and
then switch back to the original one.
Since we're talking about an asynchronous environment, I thought that
temporarily changing the process ID was the only way to do this.
I'm sincerely not skilled enough about the UNIX world to know which
are the security implications behind such an approach.
Do you think it is reasonable?


--- Giampaolo
http://code.google.com/p/pyftpdlib/
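
One way the switch-and-restore described in the message above could be written with os.setegid()/os.seteuid(), including the supplementary groups and the restore order. This is an added example, not code from the original post or from pyftpdlib; the names impersonate and stor are hypothetical, and uid, gid and groups are assumed to have been looked up by the server already.

```python
import os
from contextlib import contextmanager


@contextmanager
def impersonate(uid, gid, groups):
    """Switch effective uid/gid/supplementary groups, always switching back.

    uid, gid and groups are assumed to come from the server's own lookup of
    the logged-in user (for example via the pwd and grp modules).
    """
    saved_uid, saved_gid, saved_groups = os.geteuid(), os.getegid(), os.getgroups()
    try:
        # Groups first: changing them needs privilege, which is lost once
        # the effective uid is lowered. Skipping setgroups() would leave the
        # server's own supplementary groups (often root's) attached.
        if set(groups) != set(saved_groups):
            os.setgroups(list(groups))
        os.setegid(gid)
        os.seteuid(uid)
        yield
    finally:
        # Reverse order: regain the original effective uid first. This works
        # because seteuid() leaves the real and saved uids untouched, which
        # also means the switch is not a sandbox: any code running in the
        # process can call seteuid() back the same way.
        os.seteuid(saved_uid)
        os.setegid(saved_gid)
        if set(os.getgroups()) != set(saved_groups):
            os.setgroups(saved_groups)
        # An exception raised here means the process is stuck in a mixed
        # identity; the caller should treat it as fatal and exit.


def stor(path, data, uid, gid, groups):
    """Create `path` as the given user; returns the number of bytes written."""
    # Keep the impersonated section synchronous. The effective uid is shared
    # by the whole process, so returning to the event loop inside this block
    # would let other clients' callbacks run under this user's identity.
    with impersonate(uid, gid, groups):
        with open(path, "wb") as f:
            return f.write(data)


if __name__ == "__main__":
    import tempfile
    # Constructed demo: "impersonate" the current identity so it runs unprivileged.
    target = os.path.join(tempfile.mkdtemp(), "upload.bin")
    n = stor(target, b"constructed sample", os.geteuid(), os.getegid(), os.getgroups())
    print(n, os.stat(target).st_uid == os.geteuid())
```

Switching to a different user requires the server to run as root; run unprivileged, any change of identity raises PermissionError before the file is touched.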


