[Twisted-Python] Aplication process uid/gid
Jean-Paul Calderone
exarkun at divmod.com
Mon Apr 28 07:52:58 MDT 2008
On Mon, 28 Apr 2008 10:40:23 -0300, Miguel Filho <miguel.filho at gmail.com> wrote:
>On Mon, Apr 28, 2008 at 9:46 AM, Jean-Paul Calderone <exarkun at divmod.com> wrote:
>>
>> Privileges aren't shed immediately when Application is created. They're
>> shed after privilegedStartService and before startService. You should
>> delay any potentially sensitive operations until startService (ie, don't
>> do them in ACLPolicyDaemonFactory.__init__ which is when I assume you
>> meant you were opening that file).
>
>Indeed, I'm doing it from ACLPolicyDaemonFactory.__init__. Should I
>implement startService in my Factory class or somewhere else?
Only services which are children of the application get startService called
on them. So to do it this way, you'll need a service in that situation.
Factories get startFactory called on them when they're bound to their first
port (and stopFactory when they're unbound from their last). If you're
binding a privileged port, though, then this will happen while the process
is still running as root, so it's not as reliable as using startService.
To make a service, you need to implement IService:
http://twistedmatrix.com/documents/current/api/twisted.application.service.IService.html
You may also want to give the service a reference to your factory, or vice
versa, so that they can share state or call methods on each other or
whatever else is necessary.
Jean-Paul
More information about the Twisted-Python
mailing list