permission problem with os.setuid

M

Michele Simionato

I have a script that sometimes is run by myself (user id 501) and sometimes
by the mailer program as nobody/nogroup (userid 65534). I would like to change
the effective uid to 501 in any case, to get the right permissions, but
os.setuid and os.seteuid give me a OSError No. 1. Is there a way to get what I
want? My requirement is that the script should work indipendently from the
mailer program, i.e I would like to avoid configuring the mailer program by
hand. I am working on linux with postfix on Mandrake and exim4 on Debian.
Any suggestion?

Michele Simionato
 
B

Benjamin Niemann

Michele said:
I have a script that sometimes is run by myself (user id 501) and sometimes
by the mailer program as nobody/nogroup (userid 65534). I would like to change
the effective uid to 501 in any case, to get the right permissions, but
os.setuid and os.seteuid give me a OSError No. 1. Is there a way to get what I
want? My requirement is that the script should work indipendently from the
mailer program, i.e I would like to avoid configuring the mailer program by
hand. I am working on linux with postfix on Mandrake and exim4 on Debian.
Any suggestion?
Click to expand...
Once a process is running as nobody (or any other non-root user account), you
cannot simple change the uid - that's a (very important) feature not a bug! To
change the uid you have to be root first, 'sudo' may help you - though I don't
know about the details how this works...
Possible pseudocode (and by pseudo I mean pseudo ;)

if os.getuid() == 0: # I'm root
os.setuid(501)
elif os.getuid() != 501:
os.exec*("sudo", "myscript.py") # script is restarted, now as root

assert os.getuid() == 501
 
M

Michele Simionato

Benjamin Niemann said:
Once a process is running as nobody (or any other non-root user account), you
cannot simple change the uid - that's a (very important) feature not a bug! To
change the uid you have to be root first, 'sudo' may help you - though I don't
know about the details how this works...
Possible pseudocode (and by pseudo I mean pseudo ;)

if os.getuid() == 0: # I'm root
os.setuid(501)
elif os.getuid() != 501:
os.exec*("sudo", "myscript.py") # script is restarted, now as root

assert os.getuid() == 501
Click to expand...

Uhm ... I wanted somewhat to avoid "sudo". Anyway, at the end I have decided
to change the design so that the script is always run as nobody.
This solves as well other issues and I am happy with it.


Michele Simionato
 
B

Benjamin Niemann

Michele said:
Uhm ... I wanted somewhat to avoid "sudo". Anyway, at the end I have decided
to change the design so that the script is always run as nobody.
This solves as well other issues and I am happy with it.
Click to expand...
....and is the best solution. As long as it doesn't need more rights than
'no'body, there's no point in running it as 'some'body.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

os.tmpfile() -> permission denied (Win XP) 4
newbie permission problem 9
Problem with socket permission 5
smtplib problem with newly rebuilt Debian/lenny system 2
strange problem with os.getlogin 1
shutil.move, permission denied, why ? 8
Establish read permission of a file in C (UNIX / Linux) 17
a problem with concurrency 2

Members online

Total: 42 (members: 1, guests: 41)
Robots: 687

Forum statistics

Threads
473,769
Messages
2,569,582
Members
45,057
Latest member
KetoBeezACVGummies

Latest Threads

Top