[Twisted-Python] Aplication process uid/gid

Jean-Paul Calderone exarkun at divmod.com
Mon Apr 28 07:52:58 MDT 2008


On Mon, 28 Apr 2008 10:40:23 -0300, Miguel Filho <miguel.filho at gmail.com> wrote:
>On Mon, Apr 28, 2008 at 9:46 AM, Jean-Paul Calderone <exarkun at divmod.com> wrote:
>>
>>  Privileges aren't shed immediately when Application is created.  They're
>>  shed after privilegedStartService and before startService.  You should
>>  delay any potentially sensitive operations until startService (ie, don't
>>  do them in ACLPolicyDaemonFactory.__init__ which is when I assume you
>>  meant you were opening that file).
>
>Indeed,  I'm doing it from ACLPolicyDaemonFactory.__init__.  Should I
>implement startService in my Factory class or somewhere else?

Only services which are children of the application get startService called
on them.  So to do it this way, you'll need a service in that situation.
Factories get startFactory called on them when they're bound to their first
port (and stopFactory when they're unbound from their last).  If you're
binding a privileged port, though, then this will happen while the process
is still running as root, so it's not as reliable as using startService.

To make a service, you need to implement IService:

http://twistedmatrix.com/documents/current/api/twisted.application.service.IService.html

You may also want to give the service a reference to your factory, or vice
versa, so that they can share state or call methods on each other or
whatever else is necessary.

Jean-Paul




More information about the Twisted-Python mailing list