permission problem with os.setuid

Discussion in 'Python' started by Michele Simionato, Sep 17, 2004.

  1. I have a script that sometimes is run by myself (user id 501) and sometimes
    by the mailer program as nobody/nogroup (userid 65534). I would like to change
    the effective uid to 501 in any case, to get the right permissions, but
    os.setuid and os.seteuid give me a OSError No. 1. Is there a way to get what I
    want? My requirement is that the script should work indipendently from the
    mailer program, i.e I would like to avoid configuring the mailer program by
    hand. I am working on linux with postfix on Mandrake and exim4 on Debian.
    Any suggestion?

    Michele Simionato
    Michele Simionato, Sep 17, 2004
    #1
    1. Advertising

  2. Michele Simionato wrote:

    > I have a script that sometimes is run by myself (user id 501) and sometimes
    > by the mailer program as nobody/nogroup (userid 65534). I would like to change
    > the effective uid to 501 in any case, to get the right permissions, but
    > os.setuid and os.seteuid give me a OSError No. 1. Is there a way to get what I
    > want? My requirement is that the script should work indipendently from the
    > mailer program, i.e I would like to avoid configuring the mailer program by
    > hand. I am working on linux with postfix on Mandrake and exim4 on Debian.
    > Any suggestion?

    Once a process is running as nobody (or any other non-root user account), you
    cannot simple change the uid - that's a (very important) feature not a bug! To
    change the uid you have to be root first, 'sudo' may help you - though I don't
    know about the details how this works...
    Possible pseudocode (and by pseudo I mean pseudo ;)

    if os.getuid() == 0: # I'm root
    os.setuid(501)
    elif os.getuid() != 501:
    os.exec*("sudo", "myscript.py") # script is restarted, now as root

    assert os.getuid() == 501
    Benjamin Niemann, Sep 17, 2004
    #2
    1. Advertising

  3. Benjamin Niemann <> wrote in message news:<cieb24$d6s$>...
    > Once a process is running as nobody (or any other non-root user account), you
    > cannot simple change the uid - that's a (very important) feature not a bug! To
    > change the uid you have to be root first, 'sudo' may help you - though I don't
    > know about the details how this works...
    > Possible pseudocode (and by pseudo I mean pseudo ;)
    >
    > if os.getuid() == 0: # I'm root
    > os.setuid(501)
    > elif os.getuid() != 501:
    > os.exec*("sudo", "myscript.py") # script is restarted, now as root
    >
    > assert os.getuid() == 501


    Uhm ... I wanted somewhat to avoid "sudo". Anyway, at the end I have decided
    to change the design so that the script is always run as nobody.
    This solves as well other issues and I am happy with it.


    Michele Simionato
    Michele Simionato, Sep 17, 2004
    #3
  4. Michele Simionato wrote:
    > Benjamin Niemann <> wrote in message news:<cieb24$d6s$>...
    >
    >>Once a process is running as nobody (or any other non-root user account), you
    >>cannot simple change the uid - that's a (very important) feature not a bug! To
    >>change the uid you have to be root first, 'sudo' may help you - though I don't
    >>know about the details how this works...
    >>Possible pseudocode (and by pseudo I mean pseudo ;)
    >>
    >>if os.getuid() == 0: # I'm root
    >> os.setuid(501)
    >>elif os.getuid() != 501:
    >> os.exec*("sudo", "myscript.py") # script is restarted, now as root
    >>
    >>assert os.getuid() == 501

    >
    >
    > Uhm ... I wanted somewhat to avoid "sudo". Anyway, at the end I have decided
    > to change the design so that the script is always run as nobody.
    > This solves as well other issues and I am happy with it.

    ....and is the best solution. As long as it doesn't need more rights than
    'no'body, there's no point in running it as 'some'body.
    Benjamin Niemann, Sep 17, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Michael Lubavin
    Replies:
    1
    Views:
    3,048
    Steve Grazzini
    Jul 25, 2003
  2. danpres2k
    Replies:
    0
    Views:
    1,456
    danpres2k
    Aug 13, 2003
  3. pasear

    setuid program

    pasear, Oct 7, 2003, in forum: Perl
    Replies:
    3
    Views:
    3,075
    Kris Wempa
    Oct 8, 2003
  4. Chris
    Replies:
    1
    Views:
    838
    Roy Johnson
    Oct 28, 2003
  5. vertigo

    setuid() and getenv()?

    vertigo, Jul 16, 2004, in forum: Perl
    Replies:
    1
    Views:
    677
    Joe Smith
    Jul 17, 2004
Loading...

Share This Page