[Distutils] Buildout setuid
Lennart Regebro
regebro at gmail.com
Wed Sep 17 19:47:12 CEST 2014
While writing a blog post about software configuration management I looked
into buildout, and using it as an SCM tool. And it has one big restriction:
You can't run certain parts as root.
I think adding that would actually not be too hard. Are there any principal
arguments against it? I looked at making an extension, but I would need a
hook that is run before and after each step in that case.
I was thinking that you could define which parts should run as root in one
of two ways:
1. A parameter in the part config
2. Having a global configuration with a list of parts. This for the case
when the parts recipe itself has a parameter that clashes with the
parameter in 1.
I'm leaning towards having a setuid parameter, so you can set to other id's
than 0.
Technically it would be done by setuid to root for the configured parts,
and then back after it has run. You would have to run buildout as a whole
with sudo for this to work. It would use the login name as the "normal"
setuid, unless configured explicitly with a global setuid parameter.
Thoughts?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20140917/744a922f/attachment.html>
More information about the Distutils-SIG
mailing list