Inconsistency between os.getgroups and os.system('groups') after os.setgroups()
Ben Finney
ben+python at benfinney.id.au
Sun Mar 25 20:22:10 EDT 2012
jeff <3beezer at gmail.com> writes:
> On Sunday, March 25, 2012 4:04:55 PM UTC-6, Heiko Wundram wrote:
> > On 25.03.2012 23:32, jeff wrote:
> > > but I have to be able to get back to root privilege so I can't use
> > > setgid and setuid.
> >
> > Simply not possible (i.e., you can't drop root privileges, be it by
> > setuid()/setgid() or removing yourself from groups with setgroups()),
> > and later reacquire them _in the same process_. See the discussion of
> > how to implement privilege separation at
> >
> > http://www.citi.umich.edu/u/provos/ssh/privsep.html
>
> os.system("su -m <unprivileged_user> -c '<command string>'")
>
> seems to do the trick.
Yes, because ‘os.system’ explicitly starts a new process.
It can't be done in the same process, as Heiko correctly said.
--
\ “Faith, n. Belief without evidence in what is told by one who |
`\ speaks without knowledge, of things without parallel.” —Ambrose |
_o__) Bierce, _The Devil's Dictionary_, 1906 |
Ben Finney
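
Added example, not part of the original thread: one way to run a command with dropped privileges in a child process while the calling process keeps its own credentials, which is the separation the replies above describe. The names `drop_to`, `run_unprivileged`, `demo` and `PROBE` are hypothetical, and `demo()` without arguments assumes the caller's own uid/gid as the target so that it also runs without root.

```python
import json
import os
import subprocess
import sys

# Probe run in the child: reports the credentials the command really has.
PROBE = "import os, json; print(json.dumps([os.getuid(), os.getgid(), os.getgroups()]))"


def drop_to(uid, gid):
    """Build a preexec_fn that permanently drops the child to uid/gid."""
    def _drop():
        if os.geteuid() == 0:
            # Order matters: groups and gid can only be changed while the
            # process is still root, so setuid() has to come last.
            os.setgroups([gid])
            os.setgid(gid)
        os.setuid(uid)
        if uid != 0:
            # The drop must be irreversible: regaining root has to fail.
            try:
                os.setuid(0)
            except PermissionError:
                return
            raise RuntimeError("privilege drop did not stick")
    return _drop


def run_unprivileged(uid, gid, argv):
    """Run argv in a new process as uid/gid; the caller keeps its own IDs."""
    done = subprocess.run(argv, preexec_fn=drop_to(uid, gid),
                          capture_output=True, text=True, check=True)
    return done.stdout


def demo(uid=None, gid=None):
    # Assumption: with no arguments the target is the caller's own uid/gid,
    # so this also runs without root. As root, pass a service account's IDs.
    uid = os.getuid() if uid is None else uid
    gid = os.getgid() if gid is None else gid
    before = [os.geteuid(), os.getegid(), sorted(os.getgroups())]
    child = json.loads(run_unprivileged(uid, gid, [sys.executable, "-c", PROBE]))
    after = [os.geteuid(), os.getegid(), sorted(os.getgroups())]
    return {"target": [uid, gid], "child": child, "before": before, "after": after}


if __name__ == "__main__":
    print(demo())
```

On Python 3.9 and later, `subprocess.run` also accepts `user=`, `group=` and `extra_groups=`, which perform the same drop in the child without a `preexec_fn`.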