remote server and effective uid

Tim Arnold

Hi,
I have a remote server on a FreeBSD box with clients connecting from
Linux, all running python2.7. I've set up the remote server as an inetd
service (currently running as 'nobody'). Both client and server have
access to the same file systems.

How can I enable the server process to write into the client's
directories?
If I change the inetd service to run as 'root', I guess that would
work, but then the client couldn't remove the files put there after
the request.
I could ditch the whole server process and wrap client requests with
rsh calls, but is there a way I can switch the effective uid of the
server process without asking clients to login?

Or is there a better way to solve the problem?

thanks,
--Tim Arnold
 
Tim Harig

Tim Arnold said:
How can I enable the server process to write into the client's
directories?
If I change the inetd service to run as 'root', I guess that would
work, but then the client couldn't remove the files put there after
the request.

Python provides os.setuid() and os.seteuid() which wrap the system
functions. See your system's man pages for these functions for more
information.
 
Tim Arnold

Tim Harig said:
Python provides os.setuid() and os.seteuid() which wrap the system
functions. See your system's man pages for these functions for more
information.

Thanks -- that was a lot easier than I thought it was going to be.
I pass the client's uid in the message to the server like so:

argstring, local_dir, uid = message.split(':')
os.seteuid(int(uid))

thanks again,
--Tim
 
Tim Harig

Tim Arnold said:
Thanks -- that was a lot easier than I thought it was going to be.
I pass the client's uid in the message to the server like so:

argstring, local_dir, uid = message.split(':')
os.seteuid(int(uid))

I am not sure exactly what you are doing; but, I would advise great
caution as messing this up could easily open your system to exploitation.
Be very sure that you know what you are doing.
 
Tim Arnold

Tim Harig said:
I am not sure exactly what you are doing; but, I would advise great
caution as messing this up could easily open your system to exploitation.
Be very sure that you know what you are doing.

I can see how that looks dangerous, but I think it's okay. I have inetd
listening on a port and whatever it receives, it passes on to that line
above, "argstring, local_dir, uid = message.split(':')". The argstring is
parsed using 'argparse'; the resulting list of args is passed to a Python
class that can only do work for a specific set of args. I can't think of a
way someone could pass in an evil argstring that could do anything but fail.

Thanks for your reply, and if you still think it's dangerous please let me
know.
--Tim
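
One way to constrain the client-supplied uid discussed in this thread, as an added example that is not code from any of the posters: it rejects root and system uids, confines local_dir to the account's home, and drops privileges permanently in a child process with initgroups/setgid/setuid instead of seteuid, so the worker cannot switch back to root. It is written for Python 3 and assumes the server starts as root; MIN_UID, RequestRejected, validate_request and run_as are names made up here, and the uid is still only asserted by the client, not authenticated.

```python
import os
import pwd

MIN_UID = 1000  # assumption: ordinary accounts start here, system accounts are below


class RequestRejected(Exception):
    """Raised when a request must not be served under the requested identity."""


def validate_request(message, lookup=pwd.getpwuid):
    """Parse 'argstring:local_dir:uid'; return (argstring, real_dir, passwd entry)."""
    parts = message.split(":")
    if len(parts) != 3:
        raise RequestRejected("expected exactly three ':'-separated fields")
    argstring, local_dir, uid_text = parts
    if not (uid_text.isascii() and uid_text.isdigit()):
        raise RequestRejected("uid is not a plain decimal number")
    uid = int(uid_text)
    if uid < MIN_UID:
        raise RequestRejected("refusing root or system uid %d" % uid)
    try:
        pw = lookup(uid)
    except (KeyError, OverflowError):
        raise RequestRejected("no account with uid %d" % uid)
    # Resolve symlinks and '..' before comparing, then require home itself or below.
    home = os.path.realpath(pw.pw_dir)
    real_dir = os.path.realpath(local_dir)
    if real_dir != home and not real_dir.startswith(home + os.sep):
        raise RequestRejected("directory is outside the account's home")
    return argstring, real_dir, pw


def run_as(pw, work):
    """Run work() in a forked child that has permanently become the account in pw."""
    pid = os.fork()
    if pid == 0:
        status = 1
        try:
            # Order matters: groups and gid must change while still root.
            os.initgroups(pw.pw_name, pw.pw_gid)
            os.setgid(pw.pw_gid)
            os.setuid(pw.pw_uid)  # real, effective and saved uid all change
            work()
            status = 0
        finally:
            os._exit(status)
    _, wait_status = os.waitpid(pid, 0)
    return wait_status == 0
```

Because the file operations happen after the child has become the target account, a symlink swapped in after the path check can only reach what that account could already write.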
 
