def _process_securely(self, operation, path, request, *args, **kw):
user = request.user_object()
groups = os.getgroups()
is_root = not os.getuid()
uid = os.geteuid()
gid = os.getegid()
if not is_root:
msg = (
"Framework is not running as root so effective uid "
"and gid are not being changed prior to doing %s: "
"%s" % (request.get_command(), path)
)
msglog.log("FileRequestHandler", msglog.types.WARN, msg)
else:
if self.debug:
msg = "%s command: file %s, user %s" % (request.get_command(), path, user.name())
msglog.log(self.name, msglog.types.DB, msg)
os.setgroups(user.group_ids())
os.setegid(user.gid())
os.seteuid(user.uid())
try:
result = operation(path, request, *args, **kw)
finally:
if is_root:
os.seteuid(uid)
os.setegid(gid)
os.setgroups(groups)
return result
def SetIDs_callback():
if gid is not -1:
os.setgroups([gid])
os.setgid(gid)
if uid is not -1:
os.setuid(uid)
os.environ["HOME"] = os.path.expanduser("~" + User)
def test_os_setgroups(self):
os = self.posix
raises(TypeError, os.setgroups, [2, 5, "hello"])
try:
os.setgroups(os.getgroups())
except OSError:
pass
def drop_privs():
try:
new_uid = int(os.getenv('SUDO_UID'))
new_gid = int(os.getenv('SUDO_GID'))
except TypeError:
# they were running directly from a root user and didn't have
# sudo env variables
print """[!] WARNING: Couldn't drop privileges! To avoid this error, run from a non-root user.
You may also use sudo, from a non-root user. Continue? (y/n)""",
if raw_input().lower()[0] == 'y':
return
die()
debug.info('Dropping privileges to uid: {}, gid: {}'.format(new_uid,
new_gid))
# drop group before user, because otherwise you're not privileged enough
# to drop group
os.setgroups([])
os.setregid(new_gid, new_gid)
os.setreuid(new_uid, new_uid)
# check to make sure we can't re-escalate
try:
os.seteuid(0)
print '[!] WARNING: Failed to drop privileges! Continue? (y/n)',
if raw_input().lower()[0] != 'y':
die()
except OSError:
return
def drop_privs(username, groupname, umask=None):
"""Drop process privileges to specified user and group.
Privileges will only be dropped if current uid is root.
Args:
username: drop user privileges to username
groupname: drop group privilegs to groupname
umask: if provided, process umask will be changed accordingly.
"""
#If not root, nothing to drop.
if os.getuid() != 0:
return
uid = pwd.getpwnam(username).pw_uid
gid = grp.getgrnam(groupname).gr_gid
#Remove groups
os.setgroups([])
#Set gid and uid
os.setgid(gid)
os.setuid(uid)
#Set umask if provided
if umask is not None:
os.umask(umask)
def drop_privileges(user, group):
if user is None:
uid = os.getuid()
elif user.lstrip("-").isdigit():
uid = int(user)
else:
uid = pwd.getpwnam(user).pw_uid
if group is None:
gid = os.getgid()
elif group.lstrip("-").isdigit():
gid = int(group)
else:
gid = grp.getgrnam(group).gr_gid
username = pwd.getpwuid(uid).pw_name
# groupname = grp.getgrgid(gid).gr_name
groups = [g for g in grp.getgrall() if username in g.gr_mem]
os.setgroups(groups)
if hasattr(os, 'setresgid'):
os.setresgid(gid, gid, gid)
else:
os.setregid(gid, gid)
if hasattr(os, 'setresuid'):
os.setresuid(uid, uid, uid)
else:
os.setreuid(uid, uid)
def drop_privileges(self, uid_name=None, gid_name=None):
""" Drop privileges
Found in https://github.com/zedshaw/python-lust/blob/master/lust/unix.py
"""
if os.getuid() != 0:
self.logger.warning("Must be root to drop privileges!")
return
# Get the uid/gid from the name. If no group given, then derive group from uid_name
if uid_name is None:
uid_name = "nobody" # builtin default is nobody
running_uid = pwd.getpwnam(uid_name).pw_uid
if gid_name is None:
running_gid = pwd.getpwnam(uid_name).pw_gid
else:
running_gid = grp.getgrnam(gid_name).gr_gid
self.logger.debug("Running as %r.%r" % (running_uid, running_gid))
# Remove group privileges
os.setgroups([])
# Try setting the new uid/gid
os.setgid(running_gid)
os.setuid(running_uid)
# Ensure a very conservative umask
os.umask(077)
def _runAsUser(self, f, *args, **kw):
""" Method to logged-in a user.
"""
user_is_root = os.getuid() == 0 # for tests
if user_is_root:
euid = os.geteuid()
egid = os.getegid()
groups = os.getgroups()
uid, gid = self.getUserGroupId()
os.setegid(0)
os.seteuid(0)
os.setgroups(self.getOtherGroups())
os.setegid(gid)
os.seteuid(uid)
try:
f = iter(f)
except TypeError:
f = [(f, args, kw)]
try:
for i in f:
func = i[0]
args = len(i) > 1 and i[1] or ()
kw = len(i) > 2 and i[2] or {}
r = func(*args, **kw)
finally:
if user_is_root:
os.setegid(0)
os.seteuid(0)
os.setgroups(groups)
os.setegid(egid)
os.seteuid(euid)
return r
def demote(self, uid):
try:
username = pwd.getpwuid(uid).pw_name
gid = pwd.getpwuid(uid).pw_gid
except KeyError:
username = None
gid = uid
if os.getuid() == uid:
return
else:
if os.getuid() != 0:
logging.warn('Running as a limited user, setuid() unavailable!')
return
logging.info(
'Worker %s is demoting to UID %s / GID %s...',
os.getpid(),
uid,
gid
)
groups = [
g.gr_gid
for g in grp.getgrall()
if username in g.gr_mem or g.gr_gid == gid
]
os.setgroups(groups)
os.setgid(gid)
os.setuid(uid)
logging.info(
'...done, new EUID %s EGID %s',
os.geteuid(),
os.getegid()
)
def run(self):
if not self.runable:
print 'Process not runable, returning'
return False
# Drop privileges
os.setgroups([])
os.setgid(self.gid)
os.setuid(self.uid)
ppid = os.getppid()
while True:
try:
line = self.work_queue.get(timeout=0.5)
if not line:
'Parent process is asking us to exit'
return True
line = line.decode('utf-8').encode('ASCII', 'ignore')
except KeyboardInterrupt:
return False
except UnicodeDecodeError:
print 'Unicode Error, skipping entry'
continue
except QueueEmpty:
if os.getppid() != ppid:
return False
continue
try:
entry = SyslogEntry.from_line(line)
except pyparsing.exceptions.Exception:
continue
self.process_entry(entry)
def _runAsUser(self, f, *args, **kw):
euid = os.geteuid()
egid = os.getegid()
groups = os.getgroups()[:16]
uid, gid = self.getUserGroupId()
os.setegid(0)
os.seteuid(0)
os.setgroups(self.getOtherGroups())
os.setegid(gid)
os.seteuid(uid)
try:
f = iter(f)
except TypeError:
f = [(f, args, kw)]
try:
for i in f:
func = i[0]
args = len(i)>1 and i[1] or ()
kw = len(i)>2 and i[2] or {}
r = func(*args, **kw)
finally:
os.setegid(0)
os.seteuid(0)
os.setgroups(groups)
os.setegid(egid)
os.seteuid(euid)
return r
def change_uid(self):
c_user = self.config.uid
c_group = self.config.gid
if os.getuid() == 0:
cpw = pwd.getpwnam(c_user)
c_uid = cpw.pw_uid
if c_group:
cgr = grp.getgrnam(c_group)
c_gid = cgr.gr_gid
else:
c_gid = cpw.pw_gid
c_groups = []
for item in grp.getgrall():
if c_user in item.gr_mem:
c_groups.append(item.gr_gid)
if c_gid not in c_groups:
c_groups.append(c_gid)
os.chown(self.config.rundir, c_uid, c_gid)
os.chown(self.config.pidfile, c_uid, c_gid)
for item in glob.glob(self.config.rundir + '/*'):
os.chown(item, c_uid, c_gid)
os.setgid(c_gid)
os.setgroups(c_groups)
os.setuid(c_uid)
def drop_privileges(uid_name, gid_name):
# We're not root, so everythings fine then..
if os.getuid() != 0:
return
# Get the uid/gid from the name
try:
running_uid = pwd.getpwnam(uid_name).pw_uid
except KeyError:
e = 'Unable to drop privileges. No such user: {}'.format(uid_name)
logger.critical(e)
exit(e)
try:
running_gid = grp.getgrnam(gid_name).gr_gid
except KeyError:
e = 'Unable to drop privileges. No such group: {}'.format(gid_name)
logger.critical(e)
exit(e)
# Remove group privileges
os.setgroups([])
# Try setting the new uid/gid
os.setgid(running_gid)
os.setuid(running_uid)
# Ensure a very conservative umask
old_umask = os.umask(077)
def dropPrivileges():
nobody = pwd.getpwnam('nobody')
adm = grp.getgrnam('adm')
os.setgroups([adm.gr_gid])
os.setgid(adm.gr_gid)
os.setuid(nobody.pw_uid)
def release_privileges( uid_name, gid_name ):
if os.getuid() != 0:
# not root, so nothing to do
return 0
# get desired uid/gid
try:
running_pwd = pwd.getpwnam( uid_name )
running_uid = running_pwd.pw_uid
except KeyError:
log.error("No such user '%s'" % uid_name)
return -errno.EINVAL
try:
running_grp = grp.getgrnam( gid_name )
running_gid = running_grp.gr_gid
except KeyError:
log.error("No such group '%s'" % gid_name)
return -errno.EINVAL
# unset groups
os.setgroups( [] )
# set new uid/gid
os.setgid( running_gid )
os.setuid( running_uid )
return 0
def __enter__(self):
if self.uid:
self.saved_uid = os.geteuid()
self.saved_groups = os.getgroups()
if self.uid:
os.setgroups(self.saved_groups + [AID_INET])
os.seteuid(self.uid)
def resolve_parameters(args, defaults, types, drop_user=False):
s = Configuration()
if args.recommended_settings:
s.from_file(os.path.join(VMCLOAK_ROOT, 'data', 'recommended.ini'))
for settings in args.settings:
s.from_file(settings)
s.from_args(args)
s.from_defaults(defaults)
s.apply_types(types)
if s.user and not drop_user:
try:
user = pwd.getpwnam(s.user)
os.setgroups((user.pw_gid,))
os.setgid(user.pw_gid)
os.setuid(user.pw_uid)
os.environ['HOME'] = user.pw_dir
except KeyError:
raise Exception('Invalid user specified to drop '
'privileges to: %s' % s.user)
except OSError as e:
raise Exception('Failed to drop privileges: %s' % e)
# Resolve the parameters again, but this time without applying the
# user argument. This way paths that use os.getenv('HOME') will be
# correct.
return resolve_parameters(args, defaults, types, drop_user=True)
return s
def droppriv(user, group=None, umask=0022):
"""
Drops privileges to the user, group, and umask given, changes the
process to session leader, and changes working directories to /.
If a group is not given, the user's default group will be used.
Will raise an Exception with an explanatory message if the user
or group cannot be found or if permission is denied while
attempting the switch.
:param user: The user to switch to.
:param group: The group to switch to; defaults to the default
group of the user.
:param umask: The umask to set; defaults 0022.
"""
if user or group:
uid = geteuid()
try:
setgroups([])
except OSError, err:
if err.errno != EPERM:
raise
gid = getegid()
if user:
try:
pw = getpwnam(user)
except KeyError, err:
raise Exception('Cannot switch to unknown user %r.' % user)
uid = pw.pw_uid
gid = pw.pw_gid
def changeUID(chuid):
"""Change to this chuid (user:group)"""
c_user = chuid
c_group = None
if ":" in c_user:
c_user, c_group = c_user.split(":", 1)
cpw = pwd.getpwnam(c_user)
c_uid = cpw.pw_uid
if c_group:
cgr = grp.getgrnam(c_group)
c_gid = cgr.gr_gid
else:
c_gid = cpw.pw_gid
c_group = grp.getgrgid(cpw.pw_gid).gr_name
c_groups = []
for item in grp.getgrall():
if c_user in item.gr_mem:
c_groups.append(item.gr_gid)
if c_gid not in c_groups:
c_groups.append(c_gid)
os.setgid(c_gid)
os.setgroups(c_groups)
os.setuid(c_uid)
def set_user(uid, assign_all_groups):
try:
# Get user's default group and set it to current process to make sure
# file permissions are inherited correctly
# Solves issue with permission denied for JSON files
gid = pwd.getpwuid(uid).pw_gid
import grp
os.setgid(gid)
if assign_all_groups:
# Added lines to assure read/write permission for groups
user = pwd.getpwuid(uid).pw_name
groups = [g.gr_gid for g in grp.getgrall() if user in g.gr_mem]
os.setgroups(groups)
os.setuid(uid)
except OSError as e:
if e.errno == errno.EPERM:
sys.stderr.write("error: setuid(%d) failed: permission denied. Did you setup 'sudo' correctly for this script?\n" % uid)
exit(1)
else:
pass
if os.getuid() == 0:
sys.stderr.write("error: UID is 0 (root) after changing user. This script should not be run as root. aborting.\n")
exit(1)
if os.geteuid() == 0:
sys.stderr.write("error: EUID is 0 (root) after changing user. This script should not be run as root. aborting.\n")
exit(1)
def setuser(username):
if not username:
return
import pwd
import grp
try:
pwrec = pwd.getpwnam(username)
except KeyError:
sys.stderr.write('user not found: %s\n' % username)
raise
user = pwrec[0]
uid = pwrec[2]
gid = pwrec[3]
cur_uid = os.getuid()
if uid == cur_uid:
return
if cur_uid != 0:
sys.stderr.write('can not set user as nonroot user\n')
# will raise later
# inspired by supervisor
if hasattr(os, 'setgroups'):
groups = [grprec[2] for grprec in grp.getgrall() if user in grprec[3]]
groups.insert(0, gid)
os.setgroups(groups)
os.setgid(gid)
os.setuid(uid)
def drop_privileges(self):
"""drop privileges, and terminate the parent process"""
if self.DAEMONIZED:
#Child kills parent ... hmm sounds like a greek tragedy.
os.kill(self.parentPid, signal.SIGTERM)
self.parentPid = 0 #just in case
if os.getuid() != 0:
# We're not root so, like, whatever dude
return
import config
import grp
import pwd
# Get the uid/gid from the name
running_uid = pwd.getpwnam(config.DRONED_USER).pw_uid
running_gid = grp.getgrnam(config.DRONED_GROUP).gr_gid
self.log('set uid/gid %d/%d\n' % (running_uid,running_gid))
# Remove group privileges
os.setgroups([])
# Try setting the new uid/gid
os.setgid(running_gid)
os.setuid(running_uid)
# let services know it is ok to start
self.reactor.fireSystemEvent('priviledges')
#prevent this from being called ever again
self.drop_privileges = lambda: None
def drop_privileges(uid_name='localpaste'):
import os, pwd, grp
if os.getuid() != 0:
# We're not root so, like, whatever dude
logerror("You cannot drop privileges if you are not root")
# this isn't really true... if you have CAP_SETUID and CAP_SETGID, you still can, and then you need to drop caps instead
# TODO: support caps, and allow non-root to use this function
exit(1)
# Get the uid/gid from the name
target_user = pwd.getpwnam(uid_name)
target_uid = target_user.pw_uid
target_gid = target_user.pw_gid
# Remove group privileges
os.setgroups([])
# Try setting the new uid/gid
os.setgid(target_gid)
os.setuid(target_uid)
# Ensure a very conservative umask
old_umask = os.umask(0o077)
def build(self):
self.filesystem.check_root_dir()
resolvconf = self.etc_resolv_conf()
with self.user_namespace.setup_userns():
namespaces = CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWIPC | CLONE_NEWUTS | CLONE_NEWPID
if self.private_net:
namespaces |= CLONE_NEWNET
with self.private_net.setup_netns():
unshare(namespaces)
else:
unshare(namespaces)
if self.hostname:
sethostname(self.hostname)
self.filesystem.build()
if self.filesystem.special_fs:
with open('/etc/hosts', 'w') as hosts:
print >> hosts, self.etc_hosts()
with open('/etc/resolv.conf', 'w') as resolv:
print >> resolv, resolvconf
drop_caps()
os.setgroups([os.getgid()])
def check_user(user):
'''
Check user and assign process uid/gid.
'''
if salt.utils.is_windows():
return True
if user == getpass.getuser():
return True
import pwd # after confirming not running Windows
try:
pwuser = pwd.getpwnam(user)
try:
if hasattr(os, 'initgroups'):
os.initgroups(user, pwuser.pw_gid)
else:
os.setgroups(salt.utils.get_gid_list(user, include_default=False))
os.setgid(pwuser.pw_gid)
os.setuid(pwuser.pw_uid)
except OSError:
msg = 'Salt configured to run as user "{0}" but unable to switch.'
msg = msg.format(user)
if is_console_configured():
log.critical(msg)
else:
sys.stderr.write("CRITICAL: {0}\n".format(msg))
return False
except KeyError:
msg = 'User not found: "{0}"'.format(user)
if is_console_configured():
log.critical(msg)
else:
sys.stderr.write("CRITICAL: {0}\n".format(msg))
return False
return True
def drop_privileges(user: pwd.struct_passwd, group: grp.struct_group, permanent: bool = True):
"""
Drop root privileges and change to something more safe.
:param user: The tuple with user info
:param group: The tuple with group info
:param permanent: Whether we want to drop just the euid (temporary), or all uids (permanent)
"""
# Restore euid=0 if we have previously changed it
if os.geteuid() != 0 and os.getuid() == 0:
restore_privileges()
if os.geteuid() != 0:
raise RuntimeError("Not running as root: cannot change uid/gid to {}/{}".format(user.pw_name, group.gr_name))
# Remove group privileges
os.setgroups([])
if permanent:
os.setgid(group.gr_gid)
os.setuid(user.pw_uid)
else:
os.setegid(group.gr_gid)
os.seteuid(user.pw_uid)
# Ensure a very conservative umask
os.umask(0o077)
if permanent:
logger.debug("Permanently dropped privileges to {}/{}".format(user.pw_name, group.gr_name))
else:
logger.debug("Dropped privileges to {}/{}".format(user.pw_name, group.gr_name))
def drop2user(cfg):
if ('user' in cfg) and (cfg['user'] != '') and (os.getuid() == 0):
uid = pwd.getpwnam(cfg['user']).pw_uid
os.setgroups([])
os.setgid(uid)
os.setuid(uid)
os.umask(077)
def drop_privileges(uid_name='nobody', gid_name='nogroup'):
if os.getuid() != 0:
# We're not root so, like, whatever dude
return
# Get the uid/gid from the name
running_uid = pwd.getpwnam(uid_name).pw_uid
running_gid = grp.getgrnam(gid_name).gr_gid
# Remove group privileges
os.setgroups([])
# Try setting the new uid/gid
os.setgid(running_gid)
os.setuid(running_uid)
# Ensure a very conservative umask
new_umask = 0o077
old_umask = os.umask(new_umask)
print 'drop_privileges: Old mask: %s, new umask :%s' % \
(oct(old_umask), oct(new_umask))
final_uid = os.getuid()
final_gid = os.getgid()
print 'drop_privileges: running as %s/%s' % \
(pwd.getpwuid(final_uid)[0],
grp.getgrgid(final_gid)[0])
def change_uid(self):
c_user = self.config.uid
c_group = self.config.gid
if os.getuid() == 0:
cpw = pwd.getpwnam(c_user)
c_uid = cpw.pw_uid
if c_group:
cgr = grp.getgrnam(c_group)
c_gid = cgr.gr_gid
else:
c_gid = cpw.pw_gid
c_groups = []
for item in grp.getgrall():
if c_user in item.gr_mem:
c_groups.append(item.gr_gid)
if c_gid not in c_groups:
c_groups.append(c_gid)
os.chown(self.config.datadir, c_uid, c_gid)
os.chown(self.config.rundir, c_uid, c_gid)
os.chown(self.config.pidfile, c_uid, c_gid)
for root, _, filenames in os.walk(self.config.datadir):
for filename in filenames:
os.chown(os.path.join(root, filename), c_uid, c_gid)
for root, _, filenames in os.walk(self.config.rundir):
for filename in filenames:
os.chown(os.path.join(root, filename), c_uid, c_gid)
os.setgid(c_gid)
os.setgroups(c_groups)
os.setuid(c_uid)
def drop_privileges(uid='nobody', gid='nogroup', supl_groups=None):
"""
Drop privileges by changing the current process owner/group to
*uid*/*gid* (both may be an integer or a string). If *supl_groups* (list)
is given the process will be assigned those values as its effective
supplemental groups. If *supl_groups* is None it will default to using
'tty' as the only supplemental group. Example::
drop_privileges('gateone', 'gateone', ['tty'])
This would change the current process owner to gateone/gateone with 'tty' as
its only supplemental group.
.. note:: On most Unix systems users must belong to the 'tty' group to create new controlling TTYs which is necessary for 'pty.fork()' to work.
.. tip:: If you get errors like, "OSError: out of pty devices" it likely means that your OS uses something other than 'tty' as the group owner of the devpts filesystem. 'mount | grep pts' will tell you the owner.
"""
import pwd, grp
running_gid = gid
if not isinstance(uid, int):
# Get the uid/gid from the name
running_uid = pwd.getpwnam(uid).pw_uid
running_uid = uid
if not isinstance(gid, int):
running_gid = grp.getgrnam(gid).gr_gid
if supl_groups:
for i, group in enumerate(supl_groups):
# Just update in-place
if not isinstance(group, int):
supl_groups[i] = grp.getgrnam(group).gr_gid
try:
os.setgroups(supl_groups)
except OSError, e:
logging.error(_('Could not set supplemental groups: %s' % e))
exit()
def start(self):
# uid/gid
def current_ids():
"""Return the current (uid, gid) if available."""
name, group = None, None
if pwd:
name = pwd.getpwuid(os.getuid())[0]
if grp:
group = grp.getgrgid(os.getgid())[0]
return name, group
if self.finalized:
if not (self.uid is None and self.gid is None):
self.bus.log('Already running as uid: %r gid: %r' %
current_ids())
else:
if self.uid is None and self.gid is None:
if pwd or grp:
self.bus.log('uid/gid not set', level=30)
else:
self.bus.log('Started as uid: %r gid: %r' % current_ids())
if self.gid is not None:
os.setgid(self.gid)
os.setgroups([])
if self.uid is not None:
os.setuid(self.uid)
self.bus.log('Running as uid: %r gid: %r' % current_ids())
# umask
if self.finalized:
if self.umask is not None:
self.bus.log('umask already set to: %03o' % self.umask)
else:
if self.umask is None:
self.bus.log('umask not set', level=30)
else:
old_umask = os.umask(self.umask)
self.bus.log('umask old: %03o, new: %03o' %
(old_umask, self.umask))
self.finalized = True
def change_user_group(self, user, group):
if not user and not group:
return
import pwd, grp
uid = gid = None
if group:
try:
gid = int(group)
group = grp.getgrgid(gid).gr_name
except ValueError:
import grp
try:
entry = grp.getgrnam(group)
except KeyError:
raise BadCommand("Bad group: %r; no such group exists" %
group)
gid = entry.gr_gid
try:
uid = int(user)
user = pwd.getpwuid(uid).pw_name
except ValueError:
try:
entry = pwd.getpwnam(user)
except KeyError:
raise BadCommand("Bad username: %r; no such user exists" %
user)
if not gid:
gid = entry.pw_gid
uid = entry.pw_uid
if self.verbose > 0:
print('Changing user to %s:%s (%s:%s)' %
(user, group or '(unknown)', uid, gid))
if hasattr(os, 'initgroups'):
os.initgroups(user, gid)
else:
os.setgroups(
[e.gr_gid for e in grp.getgrall() if user in e.gr_mem] + [gid])
if gid:
os.setgid(gid)
if uid:
os.setuid(uid)
def drop_privileges():
sys.stderr.write('dropping privileges\n')
os.setgroups([])
gid = int(os.getenv('SUDO_GID'))
uid = int(os.getenv('SUDO_UID'))
pwname = os.getenv('SUDO_USER')
os.setresgid(gid, gid, gid)
os.initgroups(pwname, gid)
os.setresuid(uid, uid, uid)
pw = pwd.getpwuid(uid)
path = os.environ['PATH']
display = os.environ['DISPLAY']
# we completely clear the environment and start a new and controlled one
os.environ.clear()
os.environ['XDG_RUNTIME_DIR'] = f'/run/user/{uid}'
os.environ['HOME'] = pw.pw_dir
os.environ['PATH'] = path
os.environ['DISPLAY'] = display
def _enforce_user(self):
'''Set the correct user'''
try:
pw = pwd.getpwnam(self.user)
except:
msg = "ERROR: the configured user %r does not exists" % self.user
raise SystemExit(msg)
if pw.pw_uid == os.getuid():
return
try:
os.setgroups(
[e.gr_gid for e in grp.getgrall() if pw.pw_name in e.gr_mem] +
[pw.pw_gid])
os.setgid(pw.pw_gid)
os.setuid(pw.pw_uid)
os.setegid(pw.pw_gid)
os.seteuid(pw.pw_uid)
except:
msg = "ERROR: please run barman as %r user" % self.user
raise SystemExit(msg)
os.environ['HOME'] = pw.pw_dir
def initial_program_setup_root():
if (cadm_gid == 0):
print("I am not willing to run in group root")
os.exit(1)
if (cadm_uid == 0):
print("I am not willing to run as root")
os.exit(1)
try:
os.mkdir(lockFileDir)
os.chown(lockFileDir, cadm_uid, cadm_gid)
except OSError as err:
print("cannot mkdir " + lockFileName + " {0}\n)".format(err))
signal.signal(signal.SIGTERM, sigterm_handler)
signal.signal(signal.SIGINT, sigint_handler)
groups = [997, 999] # gpio and spi
os.setgroups(groups)
os.setgid(cadm_gid)
os.setuid(cadm_uid)
def drop_privileges(uid_name='nobody'):
"""Drop root privileges."""
if os.getuid() != 0:
# We're not root, nothing to do.
return
# Get the uid/gid from the name
(running_uid, _gid) = get_uid_gid(uid_name)
# Remove group privileges
os.setgroups([])
# Try setting the new uid/gid
os.setuid(running_uid)
# Ensure a very conservative umask
os.umask(0o77)
# TODO: probably redundant, as it will not have access to the
# cred cache anyway.
os.environ['KRB5CCNAME'] = 'FILE:/no_such_krbcc'
def preexec_fn():
if runas is not None:
pent = pwd.getpwnam(runas)
suplementary_gids = [
grp.getgrnam(group).gr_gid for group in suplementary_groups
]
root_logger.debug('runas=%s (UID %d, GID %s)', runas, pent.pw_uid,
pent.pw_gid)
if suplementary_groups:
for group, gid in zip(suplementary_groups, suplementary_gids):
root_logger.debug('suplementary_group=%s (GID %d)', group,
gid)
os.setgroups(suplementary_gids)
os.setregid(pent.pw_gid, pent.pw_gid)
os.setreuid(pent.pw_uid, pent.pw_uid)
if umask:
os.umask(umask)
def switch_user(name="softwarecollections"):
"""Change the current user to the specified one.
Keyword arguments:
name: The name (login) of the user to switch to.
Must exists on the system.
"""
user = pwd.getpwnam(name)
groups = [g.gr_gid for g in grp.getgrall() if user.pw_name in g.gr_mem]
# Execution context
os.setgid(user.pw_gid)
os.setgroups(groups)
os.setuid(user.pw_uid)
# Environment
os.environ.update(USER=user.pw_name,
LOGNAME=user.pw_name,
HOME=user.pw_dir,
SHELL=user.pw_shell)
def drop_privileges(uid_name='alpha', gid_name='alpha'):
""" Drop privileges of current process to given user and group """
if os.getuid() != 0:
# We're not root so, like, whatever dude
return
# Get the uid/gid from the name
pwstruct = pwd.getpwnam(uid_name)
running_uid = pwstruct.pw_uid
running_gid = pwstruct.pw_gid
# Remove group privileges
os.setgroups([])
# Try setting the new uid/gid
os.setgid(running_gid)
os.setuid(running_uid)
# Ensure a very conservative umask
old_umask = os.umask(077)
def drop_privileges(uid_name , gid_name):
logtime = time.strftime("%Y-%m-%dT%H:%M:%S",time.localtime(time.time())) + str(time.time()-int(time.time()))[1:8]
eprint(logtime + " [PID " + str(os.getpid()) + "]" + " ...trying to Drop root priviliges...")
if os.getuid() != 0: # if not root do nothing
eprint(logtime + " [PID " + str(os.getpid()) + "]" + " ...nothing to do. Running with UID: " + str(os.getuid()) + " GID: " + str(os.getgid()))
return
# Get the uid/gid from the name
running_uid = pwd.getpwnam(uid_name).pw_uid
running_gid = grp.getgrnam(gid_name).gr_gid
# Remove group privileges
os.setgroups([])
# Try setting the new uid/gid
os.setgid(running_gid)
os.setuid(running_uid)
eprint(logtime + " [PID " + str(os.getpid()) + "]" + " ...done. Running with UID: " + str(os.getuid()) + " GID: " + str(os.getgid()))
return
def set_user(uid, assign_all_groups):
try:
# Get user's default group and set it to current process to make sure file permissions are inherited correctly
# Solves issue with permission denied for JSON files
gid = pwd.getpwuid(uid).pw_gid
import grp
os.setgid(gid)
if assign_all_groups:
# Added lines to assure read/write permission for groups
user = pwd.getpwuid(uid).pw_name
groups = [g.gr_gid for g in grp.getgrall() if user in g.gr_mem]
os.setgroups(groups)
os.setuid(uid)
except OSError, e:
if e.errno == errno.EPERM:
sys.stderr.write( "error: setuid(%d) failed: permission denied. Did you setup 'sudo' correctly for this script?\n" % uid )
exit(1)
else:
pass
def demote(self):
# demote root user to any specified user or group
try:
if os.getuid() == 0:
# drop supplementary groups
os.setgroups([])
if self.group:
try:
os.setgid(self.the_grp.gr_gid)
except Exception, ex:
logging.critical("failed to set group to \"%s\" [%s]" %
(self.group, str(ex)))
sys.exit(1)
if self.user:
try:
the_pwd = pwd.getpwnam(self.user)
os.setuid(self.the_pwd.pw_uid)
except Exception, ex:
logging.critical("failed to set user to \"%s\" [%s]" %
(self.user, str(ex)))
sys.exit(1)
def run_as(pwent, umask=0o22):
"""Drop privileges to given user's password entry, and set up
environment. Assumes the parent process has root privileges.
"""
os.umask(umask)
home = pwent.home
try:
os.chdir(home)
except OSError:
os.chdir("/")
# drop privs to user
os.setgroups(pwent.groups)
os.setgid(pwent.gid)
os.setegid(pwent.gid)
os.setuid(pwent.uid)
os.seteuid(pwent.uid)
os.environ["HOME"] = home
os.environ["USER"] = pwent.name
os.environ["LOGNAME"] = pwent.name
os.environ["SHELL"] = pwent.shell
os.environ["PATH"] = "/bin:/usr/bin:/usr/local/bin"
def _child(self, path):
# Avoid running lintian as root
try:
os.setgroups([self.transaction.gid])
except OSError:
pass
os.setgid(self.transaction.gid)
os.setuid(self.transaction.uid)
if platform.dist()[1] == "debian":
profile = "debian/aptdaemon"
else:
profile = "ubuntu/aptdaemon"
# If HOME isn't set lintian won't try to load user profiles
os.unsetenv("HOME")
lintian_path = apt_pkg.config.find_file("Dir::Bin::Lintian",
"/usr/bin/lintian")
os.execlp(lintian_path, lintian_path, "--no-cfg", "--fail-on-warnings",
"--profile", profile, path)
os._exit(1)
def set_sups(target_sups):
"""
This is designed to give us a layer of abstraction from the system calls.
It also accommodates FreeBSD's idiosyncrasy (which is POSIX-compliant) of
keeping the egid in the supplementary groups list.
It also makes an effort to not call the setgroups routine if the target
group list is identical to the current one in force.
"""
global os_kernel
if os_kernel == 'FreeBSD':
target_sups = [os.getegid()] + target_sups
if os.geteuid() == 0:
# This will raise an OSError exception if it fails
os.setgroups(target_sups)
else:
cur_sups = get_sups()
# This will probably fail
if not eql_sups(cur_sups, target_sups):
# This will raise an OSError exception if it fails
os.setgroups(target_sups)
return True
def drop_privileges(self, uid_name, gid_name):
if os.getuid() != 0:
# We're not root so, like, whatever dude
self.logger.info("Not running as root. Cannot drop permissions.")
return
# Get the uid/gid from the name
running_uid = pwd.getpwnam(uid_name).pw_uid
running_gid = grp.getgrnam(gid_name).gr_gid
# Remove group privileges
os.setgroups([])
# Try setting the new uid/gid
os.setgid(running_gid)
os.setuid(running_uid)
# Ensure a very conservative umask
old_umask = os.umask(0o077)
self.logger.info("Changed permissions to: %s: %i, %s, %i" %
(uid_name, running_uid, gid_name, running_gid))
def drop_privs(self,
username='******',
groupname='nobody',
keep_supplemental_groups=True):
"""Drop privileges of the current process to specified unprivileged user and group. If keep_supplemental_groups is True,
the process will also be associated with all groups the unprivileged user belongs to.
"""
try:
running_uid = pwd.getpwnam(username).pw_uid
running_gid = grp.getgrnam(groupname).gr_gid
except Exception:
raise Exception(
'Can not drop privileges, user %s or group %s does not exist' %
(username, groupname))
new_umask = 0o077
os.umask(new_umask)
os.setgid(running_gid)
if keep_supplemental_groups:
os.setgroups(self._get_group_ids(username))
os.setuid(running_uid)
def change_process_owner(uid, gid):
""" Change the owning UID and GID of this process.
Sets the GID then the UID of the process (in that order, to
avoid permission errors) to the specified `gid` and `uid`
values. Requires appropriate OS privileges for this process.
"""
try:
# KC custom modification of python-daemon.
# If we cannot get rid of the groups, leave them.
try:
os.setgroups([])
except Exception as exc:
pass
os.setgid(gid)
os.setuid(uid)
except Exception as exc:
error = DaemonOSEnvironmentError(
"Unable to change process owner (%(exc)s)" % vars())
raise error
def test_keep_groups():
if os.getuid() != 0:
return 77
oldgroups = os.getgroups()
out = ""
try:
os.setgroups([1, 2, 3, 4, 5])
conf = base_config()
conf['process']['args'] = ['/init', 'cat', '/proc/self/status']
add_all_namespaces(conf)
conf['annotations'] = {}
conf['annotations']['run.oci.keep_original_groups'] = "1"
out, _ = run_and_get_output(conf)
finally:
os.setgroups(oldgroups)
proc_status = parse_proc_status(out)
ids = proc_status['Groups'].split()
if len(ids) == 0:
return -1
return 0
def _dropPrivileges(config, init_chroot=None):
""" @param init_chroot Callback function to call before creating the chroot """
uid = None
if config['dropuser'] is not None:
uname = config['dropuser']
gname = config['dropgroup']
if isinstance(uname, int):
uid = uname
if gname is None:
gname = pwd.getpwuid(uid).pw_gid
else:
pw = pwd.getpwnam(uname)
uid = pw.pw_uid
if gname is None:
gname = pw.pw_gid
if isinstance(gname, int):
gid = gname
else:
gid = grp.getgrnam(gname).gr_gid
if config['chroot']:
if config['chroot_mkdir']:
if not os.path.exists(config['chroot']):
os.mkdir(config['chroot'], 0o700)
if config['workarounds']:
_workaround_preload_codecs()
os.chroot(config['chroot'])
os.chdir('/')
if init_chroot:
init_chroot()
if uid is not None:
os.setgroups([])
os.setgid(gid)
os.setuid(uid)
def setuidgid(uid, gid):
if not POSIX:
return
log = get_util_logger()
if os.getuid()!=uid or os.getgid()!=gid:
#find the username for the given uid:
from pwd import getpwuid
try:
username = getpwuid(uid).pw_name
except KeyError:
raise Exception("uid %i not found" % uid)
#set the groups:
if hasattr(os, "initgroups"): # python >= 2.7
os.initgroups(username, gid)
else:
import grp #@UnresolvedImport
groups = [gr.gr_gid for gr in grp.getgrall() if (username in gr.gr_mem)]
os.setgroups(groups)
#change uid and gid:
try:
if os.getgid()!=gid:
os.setgid(gid)
except OSError as e:
log.error("Error: cannot change gid to %i:", gid)
if os.getgid()==0:
#don't run as root!
raise
log.error(" %s", e)
log.error(" continuing with gid=%i", os.getgid())
try:
if os.getuid()!=uid:
os.setuid(uid)
except OSError as e:
log.error("Error: cannot change uid to %i:", uid)
if os.getuid()==0:
#don't run as root!
raise
log.error(" %s", e)
log.error(" continuing with uid=%i", os.getuid())
log("new uid=%s, gid=%s", os.getuid(), os.getgid())
def drop_priviledges(self, user):
if user is None:
return "No user specified to setuid to!"
try:
uid = int(user)
except ValueError:
try:
pwrec = pwd.getpwnam(user)
except KeyError:
return "Can't find username %r" % user
uid = pwrec[2]
else:
try:
pwrec = pwd.getpwuid(uid)
except KeyError:
return "Can't find uid %r" % uid
current_uid = os.getuid()
if current_uid == uid:
return ""
if current_uid != 0:
return "Can't drop privilege as nonroot user"
gid = pwrec[3]
if hasattr(os, 'setgroups'):
user = pwrec[0]
groups = [grprec[2] for grprec in grp.getgrall() if user in
grprec[3]]
groups.insert(0, gid)
try:
os.setgroups(groups)
except OSError:
return 'Could not set groups of effective user'
try:
os.setgid(gid)
except OSError:
return 'Could not set group id of effective user'
os.setuid(uid)
return "User set for the process"
def EnterSandbox(user: str, group: str) -> None:
"""Enters the sandbox.
Drops root privileges, by changing the user and group.
Args:
user: New UNIX user name to run as. If empty then the user is not changed.
group: New UNIX group name to run as. If empty then the group is not
changed.
"""
if not (user or group):
return
# Disable networking and IPC by creating new (empty) namespaces for the
# current process.
libc = ctypes.cdll.LoadLibrary(ctypes.util.find_library("c"))
unshare = getattr(libc, "unshare", None)
if unshare:
unshare.argtypes = [ctypes.c_int]
unshare.restype = ctypes.c_int
def Unshare(flags: int) -> None:
res = unshare(flags)
if res == 0:
return
error = ctypes.get_errno()
if error != errno.EINVAL:
raise Error(f"unshare({flags}) failed with error {error}.")
Unshare(CLONE_NEWNET)
Unshare(CLONE_NEWIPC)
if group:
gid = grp.getgrnam(group).gr_gid
os.setgroups([gid])
os.setresgid(gid, gid, gid)
if user:
uid = pwd.getpwnam(user).pw_uid
os.setresuid(uid, uid, uid)
def check_user(user):
"""
Check user and assign process uid/gid.
"""
if salt.utils.platform.is_windows():
return True
if user == salt.utils.user.get_user():
return True
# after confirming not running Windows
pwuser = _get_pwnam(user)
try:
if hasattr(os, "initgroups"):
os.initgroups(user, pwuser.pw_gid) # pylint: disable=minimum-python-version
else:
os.setgroups(salt.utils.user.get_gid_list(user, include_default=False))
os.setgid(pwuser.pw_gid)
os.setuid(pwuser.pw_uid)
# We could just reset the whole environment but let's just override
# the variables we can get from pwuser
if "HOME" in os.environ:
os.environ["HOME"] = pwuser.pw_dir
if "SHELL" in os.environ:
os.environ["SHELL"] = pwuser.pw_shell
for envvar in ("USER", "LOGNAME"):
if envvar in os.environ:
os.environ[envvar] = pwuser.pw_name
except OSError:
msg = 'Salt configured to run as user "{}" but unable to switch.'.format(user)
if is_console_configured():
log.critical(msg)
else:
sys.stderr.write("CRITICAL: {}\n".format(msg))
return False
return True
def _dropToUser(self, user, group):
rtn = False
cur_user = os.getuid()
cur_group = os.getgid()
print user
if user:
try:
running_uid = pwd.getpwnam(user).pw_uid
except KeyError as e:
self.loghandle.critical(e)
else:
running_uid = cur_user
if group:
try:
running_gid = grp.getgrnam(group).gr_gid
except KeyError as e:
self.loghandle.critical(e)
else:
running_gid = cur_group
# Remove group privileges
# Ensure a very conservative umask
old_umask = os.umask(077)
if os.getuid() != 0:
if cur_user != running_uid:
self.loghandle.critical(
'Not running as root, unable to drop to configged user')
elif cur_group != running_gid:
self.loghandle.critical(
'Not running as root, unable to drop to configged group')
else:
rtn = True
else:
os.setgroups([])
os.setgid(running_gid)
os.setuid(running_uid)
self.loghandle.info('Dropped to %s:%s', user, group)
rtn = True
return rtn
def _drop_privileges(self):
if os.getuid() != 0:
# we are not root, so we cant drop privs
logger.warn(
"we are not starting up as root. this should be impossible!")
return
# get uid/gid of user we want to become
uid = getpwnam(self.user).pw_uid
gid = getgrnam(self.group).gr_gid
# try setting the uid
try:
os.setgroups([])
os.setgid(gid)
os.setuid(uid)
except:
logger.warn("unable to drop privileges to %s:%s [%d:%d]" %
(self.user, self.group, uid, gid))
else:
logger.debug("successfully dropped privileges to %s:%s [%d:%d]" %
(self.user, self.group, uid, gid))
def setup_uid_manager(mockgid):
unprivUid = os.getuid()
unprivGid = os.getgid()
# sudo
if os.environ.get("SUDO_UID") is not None:
unprivUid = int(os.environ['SUDO_UID'])
os.setgroups((mockgid, ))
unprivGid = int(os.environ['SUDO_GID'])
# consolehelper
if os.environ.get("USERHELPER_UID") is not None:
unprivUid = int(os.environ['USERHELPER_UID'])
unprivName = pwd.getpwuid(unprivUid).pw_name
secondary_groups = [
g.gr_gid for g in grp.getgrall() if unprivName in g.gr_mem
]
os.setgroups([mockgid] + secondary_groups)
unprivGid = pwd.getpwuid(unprivUid)[3]
uidManager = mockbuild.uid.UidManager(unprivUid, unprivGid)
return uidManager
def drop_privileges(uid_name, gid_name='nogroup'):
# Get the uid/gid from the name
running_uid = pwd.getpwnam(uid_name).pw_uid
running_uid_home = pwd.getpwnam(uid_name).pw_dir
running_gid = grp.getgrnam(gid_name).gr_gid
# Remove group privileges
os.setgroups([])
# Try setting the new uid/gid
os.setgid(running_gid)
os.setuid(running_uid)
# Ensure a very conservative umask
old_umask = os.umask(77)
if os.getuid() == running_uid and os.getgid() == running_gid:
# could be useful
os.environ['HOME'] = running_uid_home
return True
return False
def daemon(user, group, path='/', pidfile='/tmp/%s.pid' % __default_servicename__, other_groups=()):
'''
Daemonizes current application.
'''
# Get uid and gid from user and group names
uid = int(pwd.getpwnam(user)[2])
gid = int(grp.getgrnam(group)[2])
# Get ID of other groups
other_groups_id = []
for name in other_groups:
try:
other_groups_id.append(int(grp.getgrnam(name)[2]) )
except:
pass
# First fork
pid = gevent.fork()
if not pid == 0:
os._exit(0)
# Creates a session and sets the process group ID
os.setsid()
# Second fork
pid = gevent.fork()
if not pid == 0:
os._exit(0)
# Change directoty
os.chdir(path)
# Set umask
os.umask(0)
# Write pidfile
open(pidfile, 'w').write(str(os.getpid()))
# Set group and groups
os.setgid(gid)
if other_groups_id:
os.setgroups(other_groups_id)
# Set user
os.setuid(uid)
# Redirect stdout/stderr to /dev/null
sys.stdout = sys.stderr = open(os.devnull, 'a+')
gevent.reinit()
def permissionsUser(uid, gid):
"""Sets the effective gid/uid to supplied values"""
if platform.system() == 'Windows':
return
if os.getuid() != 0:
return
PERMISSIONS.acquire()
__becomeRoot()
try:
username = pwd.getpwuid(uid).pw_name
usergroups = [g.gr_gid for g in grp.getgrall() if username in g.gr_mem]
if rqconstants.LAUNCH_FRAME_USER_GID:
groups = [rqconstants.LAUNCH_FRAME_USER_GID] + usergroups
else:
groups = usergroups
os.setgroups(groups)
except Exception:
pass
os.setegid(gid)
os.seteuid(uid)