Run this test program as root:

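import os

# Run as root: compare what this process sees with what a child reports.
print("before:", os.getgroups())
os.system("groups")    # group names as seen by a child process
os.setgroups([])       # empty the supplementary group list
print("after:", os.getgroups())
os.system("groups")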

After the os.setgroups, os.getgroups says that the process is not in any 
groups, just as you would expect.  However the groups command run using 
os.system says that the process is in the root group.  It appears that the new 
process started by os.system augments the group membership specified in the 
os.setgroups command with the group of the actual user of the original process 
(which is root).  I can suppress membership in the root group only by doing 
os.setgid and os.setuid before the os.system call (in which case I wind up in 
the group of the new user instead of root), but I have to be able to get back 
to root privilege so I can't use setgid and setuid.  How do I run a program 
from a Python script running as root such that the group membership of the 
process running the program does not include root?
-- 
http://mail.python.org/mailman/listinfo/python-list
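
Added example, not part of the original post: `groups` and `id -G` report the real and effective GID as well as the supplementary list, and `os.setgroups()` changes only the supplementary list, so GID 0 is still inherited by the child. The sketch below compares the two views and applies the drop only in the child, between fork and exec, so the parent stays root; it assumes Python 3.9+ (for the `user`, `group` and `extra_groups` arguments), and the function names and the uid/gid 65534 are illustrative choices.

```python
import os
import subprocess


def reported_gids():
    """GIDs that `id -G` / `groups` show for this process: the real and
    effective GID plus the supplementary list. os.setgroups() replaces
    only the supplementary list, so the primary GID stays visible."""
    return {os.getgid(), os.getegid()} | set(os.getgroups())


def child_gids(**identity):
    """Run `id -G` in a child process and return the GIDs it reports."""
    out = subprocess.run(["id", "-G"], check=True, capture_output=True,
                         text=True, **identity).stdout
    return {int(g) for g in out.split()}


def child_gids_dropped(uid, gid):
    """Same, but the child gets an empty supplementary list and the given
    uid/gid. The identity change happens in the child only, so the
    calling process keeps its root privileges. Requires root."""
    return child_gids(user=uid, group=gid, extra_groups=[])


if __name__ == "__main__":
    UNPRIV = 65534  # assumed unprivileged uid/gid ("nobody" on many systems)
    print("parent view :", sorted(reported_gids()))
    print("child as-is :", sorted(child_gids()))
    if os.geteuid() == 0:
        print("child drop  :", sorted(child_gids_dropped(UNPRIV, UNPRIV)))
        print("parent euid :", os.geteuid())  # parent identity is unchanged
```

To run an arbitrary program this way, pass the same three keyword arguments to `subprocess.run` with that program's argument list.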
