[Twisted-Python] Re: Switch to a different uid/gid after binding reserved ports (G lyph Lefkowitz)

[Richard.Townsend at edl.uk.eds.com]

> 
> You can specify keyword arguments to Application's constructor.
> 
> 	a = Application(uid=1001, gid=1001)
> 
> Then, call either the setUID or setEUID method of your Application 
> instance.  You will need to call bindPorts before calling these 
> methods, however.
> 

Hi Glyph,

I have now had a chance to test this on HP-UX11i and have discovered a
problem.

The code for Application.setUID() calls os.getgid() expecting it to return 0
for root. However, on HP-UX it returns 3.

# id
uid=0(root) gid=3(sys)
groups=0(root),1(other),2(bin),4(adm),5(daemon),6(mail),7(lp),20(users)

# /opt/python/bin/python          
Python 2.2.1 (#5, Jan 23 2003, 13:18:26) [C] on hp-ux11
Type "help", "copyright", "credits" or "license" for more information.
>>> import os
>>> os.getgid()
3

But:

>>> os.getgroups()
[3, 0, 1, 2, 4, 5, 6, 7, 20]

A possible solution would be:

    def setUID(self):
        """Retrieve persistent uid/gid pair (if possible) and set the
current process's uid/gid
        """
        if hasattr(os, 'getgroups'):
            if 0 in os.getgroups():
                os.setgid(self.gid)
                os.setuid(self.uid)
                log.msg('set uid/gid %s/%s' % (self.uid, self.gid))


Alternatively, you might use try/except & ignore OSError exceptions?

cheers,
Richard Townsend
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/twisted-python/attachments/20030609/c7eedc81/attachment.html>