Am 25.03.2012 23:32, schrieb jeff:
After the os.setgroups, os.getgroups says that the process is not in
any groups, just as you would expect... I can suppress
membership in the root group only by doing os.setgid and os.setuid
before the os.system call (in which case I wind up in the group of
the
new user instead of root), but I have to be able to get back to root
privilege so I can't use setgid and setuid.
Simply not possible (i.e., you can't drop root privileges, be it by
setuid()/setgid() or removing yourself from groups with setgroups()),
and later reacquire them _in the same process_. See the discussion of
how to implement privilege separation at
http://www.citi.umich.edu/u/provos/ssh/privsep.html
(which discusses how this is implemented in OpenSSH) by running
multiple processes which communicate through IPC mechanisms, and each of
those drops the rights it requires. Using IPC to implement
reduced-privilege process spawning has a long history; also, Postfix
comes to mind as an "early" adopter of a privilege separation mechanism.
--
--- Heiko.
--
http://mail.python.org/mailman/listinfo/python-list
