Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Python > permission problem with os.setuid

Reply
Thread Tools

permission problem with os.setuid

 
 
Michele Simionato
Guest
Posts: n/a
 
      09-17-2004
I have a script that sometimes is run by myself (user id 501) and sometimes
by the mailer program as nobody/nogroup (userid 65534). I would like to change
the effective uid to 501 in any case, to get the right permissions, but
os.setuid and os.seteuid give me a OSError No. 1. Is there a way to get what I
want? My requirement is that the script should work indipendently from the
mailer program, i.e I would like to avoid configuring the mailer program by
hand. I am working on linux with postfix on Mandrake and exim4 on Debian.
Any suggestion?

Michele Simionato
 
Reply With Quote
 
 
 
 
Benjamin Niemann
Guest
Posts: n/a
 
      09-17-2004
Michele Simionato wrote:

> I have a script that sometimes is run by myself (user id 501) and sometimes
> by the mailer program as nobody/nogroup (userid 65534). I would like to change
> the effective uid to 501 in any case, to get the right permissions, but
> os.setuid and os.seteuid give me a OSError No. 1. Is there a way to get what I
> want? My requirement is that the script should work indipendently from the
> mailer program, i.e I would like to avoid configuring the mailer program by
> hand. I am working on linux with postfix on Mandrake and exim4 on Debian.
> Any suggestion?

Once a process is running as nobody (or any other non-root user account), you
cannot simple change the uid - that's a (very important) feature not a bug! To
change the uid you have to be root first, 'sudo' may help you - though I don't
know about the details how this works...
Possible pseudocode (and by pseudo I mean pseudo

if os.getuid() == 0: # I'm root
os.setuid(501)
elif os.getuid() != 501:
os.exec*("sudo", "myscript.py") # script is restarted, now as root

assert os.getuid() == 501
 
Reply With Quote
 
 
 
 
Michele Simionato
Guest
Posts: n/a
 
      09-17-2004
Benjamin Niemann <(E-Mail Removed)> wrote in message news:<cieb24$d6s$(E-Mail Removed)>...
> Once a process is running as nobody (or any other non-root user account), you
> cannot simple change the uid - that's a (very important) feature not a bug! To
> change the uid you have to be root first, 'sudo' may help you - though I don't
> know about the details how this works...
> Possible pseudocode (and by pseudo I mean pseudo
>
> if os.getuid() == 0: # I'm root
> os.setuid(501)
> elif os.getuid() != 501:
> os.exec*("sudo", "myscript.py") # script is restarted, now as root
>
> assert os.getuid() == 501


Uhm ... I wanted somewhat to avoid "sudo". Anyway, at the end I have decided
to change the design so that the script is always run as nobody.
This solves as well other issues and I am happy with it.


Michele Simionato
 
Reply With Quote
 
Benjamin Niemann
Guest
Posts: n/a
 
      09-17-2004
Michele Simionato wrote:
> Benjamin Niemann <(E-Mail Removed)> wrote in message news:<cieb24$d6s$(E-Mail Removed)>...
>
>>Once a process is running as nobody (or any other non-root user account), you
>>cannot simple change the uid - that's a (very important) feature not a bug! To
>>change the uid you have to be root first, 'sudo' may help you - though I don't
>>know about the details how this works...
>>Possible pseudocode (and by pseudo I mean pseudo
>>
>>if os.getuid() == 0: # I'm root
>> os.setuid(501)
>>elif os.getuid() != 501:
>> os.exec*("sudo", "myscript.py") # script is restarted, now as root
>>
>>assert os.getuid() == 501

>
>
> Uhm ... I wanted somewhat to avoid "sudo". Anyway, at the end I have decided
> to change the design so that the script is always run as nobody.
> This solves as well other issues and I am happy with it.

....and is the best solution. As long as it doesn't need more rights than
'no'body, there's no point in running it as 'some'body.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Fixed: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). Skybuck Flying Windows 64bit 1 06-29-2009 06:17 PM
Show stopper problem!! Parser Error Message: Execute permission cannot be acquired David Berman ASP .Net 0 06-22-2004 08:37 PM
FileStream permission problem with asp.NET web application! =?Utf-8?B?TWlrYWVsIEd1c3RhZnNzb24=?= ASP .Net 4 05-28-2004 06:39 AM
Permission's Problem Andy ASP .Net 6 11-27-2003 08:33 AM
Problem connecting to database - "already opened exclusively by another user, or you need permission to view its data" Tom Wild ASP .Net 0 08-14-2003 12:23 AM



Advertisments