diff options
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | daemon.py | 28 |
2 files changed, 25 insertions, 6 deletions
@@ -4,6 +4,9 @@ ChangeLog for logilab.common -- * modutils: allow overriding of _getobj by suppressing mangling +-- + * daemon: call initgroups/setgid before setuid + 2011-08-05 -- 0.56.1 * clcommands: #72450 --rc-file option doesn't work @@ -26,6 +26,27 @@ import sys import time import warnings +def setugid(user): + """Change process user and group ID + + Argument is a numeric user id or a user name""" + try: + from pwd import getpwuid + passwd = getpwuid(int(user)) + except ValueError: + from pwd import getpwnam + passwd = getpwnam(user) + + if hasattr(os, 'initgroups'): # python >= 2.7 + os.initgroups(passwd.pw_name, passwd.pw_gid) + else: + import ctypes + if ctypes.CDLL(None).initgroups(passwd.pw_name, passwd.pw_gid) < 0: + err = ctypes.c_int.in_dll(ctypes.pythonapi,"errno").value + raise OSError(err, os.strerror(err), 'initgroups') + os.setgid(passwd.pw_gid) + os.setuid(passwd.pw_uid) + def daemonize(pidfile=None, uid=None, umask=077): """daemonize a Unix process. Set paranoid umask by default. @@ -73,12 +94,7 @@ def daemonize(pidfile=None, uid=None, umask=077): f.close() # change process uid if uid: - try: - uid = int(uid) - except ValueError: - from pwd import getpwnam - uid = getpwnam(uid).pw_uid - os.setuid(uid) + setugid(uid) return None |