2
0
mirror of https://github.com/frappe/bench.git synced 2025-01-24 23:48:24 +00:00

better drop_privileges

This commit is contained in:
Pratik Vyas 2014-11-10 21:21:45 +05:30
parent af1da4acf2
commit 3cfdf6972c
2 changed files with 22 additions and 3 deletions

View File

@ -12,7 +12,7 @@ from .utils import set_nginx_port as _set_nginx_port
from .utils import set_default_site as _set_default_site from .utils import set_default_site as _set_default_site
from .utils import (build_assets, patch_sites, exec_cmd, update_bench, get_frappe, setup_logging, from .utils import (build_assets, patch_sites, exec_cmd, update_bench, get_frappe, setup_logging,
get_config, update_config, restart_supervisor_processes, put_config, default_config, update_requirements, get_config, update_config, restart_supervisor_processes, put_config, default_config, update_requirements,
backup_all_sites, backup_site, get_sites, prime_wheel_cache, is_root, set_mariadb_host) backup_all_sites, backup_site, get_sites, prime_wheel_cache, is_root, set_mariadb_host, drop_privileges)
from .app import get_app as _get_app from .app import get_app as _get_app
from .app import new_app as _new_app from .app import new_app as _new_app
from .app import pull_all_apps from .app import pull_all_apps
@ -49,7 +49,7 @@ def change_uid():
if is_root() and not cmd_requires_root(): if is_root() and not cmd_requires_root():
frappe_user = get_config().get('frappe_user') frappe_user = get_config().get('frappe_user')
if frappe_user: if frappe_user:
os.seteuid(pwd.getpwnam(frappe_user).pw_uid) drop_privileges(uid_name=frappe_user, gid_name=frappe_user)
os.environ['HOME'] = pwd.getpwnam(frappe_user).pw_dir os.environ['HOME'] = pwd.getpwnam(frappe_user).pw_dir
else: else:
print 'You should not run this command as root' print 'You should not run this command as root'

View File

@ -293,3 +293,22 @@ def update_json_file(filename, ddict):
with open(filename, 'w') as f: with open(filename, 'w') as f:
content = json.dump(content, f, indent=1) content = json.dump(content, f, indent=1)
def drop_privileges(uid_name='nobody', gid_name='nogroup'):
# from http://stackoverflow.com/a/2699996
if os.getuid() != 0:
# We're not root so, like, whatever dude
return
# Get the uid/gid from the name
running_uid = pwd.getpwnam(uid_name).pw_uid
running_gid = grp.getgrnam(gid_name).gr_gid
# Remove group privileges
os.setgroups([])
# Try setting the new uid/gid
os.setgid(running_gid)
os.setuid(running_uid)
# Ensure a very conservative umask
old_umask = os.umask(077)