I reworked the cases where apt was not called by sudo. Patch now correctly checks for existence of the APT_LISTCHANGES_USER key and defaults to USERNAME if ALU key is not there.
I haven't been able to discern where $USERNAME is set, but it is reliably there as the original login user if 'su' was used, whereas '$LOGNAME' is set by su to be root.
--- apt_listchanges.py.orig 2012-06-30 06:36:46.000000000 -0400 +++ apt_listchanges.py 2013-03-24 15:32:06.708782730 -0400 @@ -34,6 +34,8 @@ import cStringIO import tempfile from ALChacks import * +# Bug 456454 +import subprocess, shlex, pwd # TODO: # newt-like frontend, or maybe some GUI bit @@ -236,7 +238,40 @@ tmp.flush() shellcommand = self.get_command() + ' ' + tmp.name - status = os.spawnl(os.P_WAIT, '/bin/sh', 'sh', '-c', shellcommand) + ################################################################################## + # + # Begin - Bug #456454 - Launch browser as non-root user + # + fe = self.config.get('frontend', 'pager') + if fe == "browser": + # If called by sudo set user to $SUDO_USER, + # if not, set user to $APT_LISTCHANGES_USER + # If $APT_LISTCHANGES_USER not set, set user to $USERNAME + if "SUDO_USER" in os.environ: + user = os.environ.get("SUDO_USER") + else: + if "APT_LISTCHANGES_USER" in os.environ: + user = os.environ.get("APT_LISTCHANGES_USER") + else: + user = os.environ.get("USERNAME") + + # Change permissions of temp file to 'user' + pw = pwd.getpwnam(user) + uid = pw.pw_uid + os.chown(tmp.name, uid, -1) + + # Invoke command as non-root user + cmd = 'su -c "' + shellcommand + '"' + ' ' + user + cmd = shlex.split(cmd) + print(cmd) + status = subprocess.call(cmd) + else: + status = os.spawnl(os.P_WAIT, '/bin/sh', 'sh', '-c', shellcommand) + # + # End - Bug #456454 + # + ################################################################################### + if status != 0: raise OSError('Subprocess ' + shellcommand + ' exited with status ' + str(status))