Inconsistency between os.getgroups and os.system('groups') after os.setgroups()
jeff
3beezer at gmail.com
Sun Mar 25 19:33:59 EDT 2012
On Sunday, March 25, 2012 4:04:55 PM UTC-6, Heiko Wundram wrote:
> Am 25.03.2012 23:32, schrieb jeff:
> > After the os.setgroups, os.getgroups says that the process is not in
> > any groups, just as you would expect... I can suppress
> > membership in the root group only by doing os.setgid and os.setuid
> > before the os.system call (in which case I wind up in the group of
> > the
> > new user instead of root), but I have to be able to get back to root
> > privilege so I can't use setgid and setuid.
>
> Simply not possible (i.e., you can't drop root privileges, be it by
> setuid()/setgid() or removing yourself from groups with setgroups()),
> and later reacquire them _in the same process_. See the discussion of
> how to implement privilege separation at
>
> http://www.citi.umich.edu/u/provos/ssh/privsep.html
>
> (which discusses how this is implemented in OpenSSH) by running
> multiple processes which communicate through IPC mechanisms, and each of
> those drops the rights it requires. Using IPC to implement
> reduced-privilege process spawning has a long history; also, Postfix
> comes to mind as an "early" adopter of a privilege separation mechanism.
>
> --
> --- Heiko.
os.system("su -m <unprivileged_user> -c '<command string>'")
seems to do the trick.
More information about the Python-list
mailing list