def drop_privileges(self):
    """Drop to the configured user/group for this program, if any is set.

    Reads ``user`` and ``group`` from ``self.cfg.process[self.program]``.
    When neither is set, nothing happens. When at least one is set, the
    work is delegated to ``system.drop_privileges(user, group)``, but only
    if the process runs with real UID 0; otherwise a warning is issued and
    the process keeps its current identity.

    Raises:
        KeyError: if ``self.program`` has no entry in ``self.cfg.process``
            (assuming a dict-like mapping; confirm against the config type).
    """
    opts = self.cfg.process[self.program]
    target_user, target_group = opts.user, opts.group

    # No identity configured: the process keeps whatever it started with.
    if not (target_user or target_group):
        return

    # os.getuid() is the *real* UID. A process whose effective UID is 0 but
    # whose real UID is not will take the warning branch.
    if os.getuid() != 0:
        # Warning only, not an error: startup continues under the current
        # identity, so operators should treat this warning as significant.
        warnings.warn('Only superuser can drop privileges.')
        return

    # NOTE(review): nothing here confirms the drop took effect; whether
    # system.drop_privileges raises on failure is not visible from this
    # block. Verify against its implementation.
    system.drop_privileges(target_user, target_group)
def drop_privileges(self):
    """Drop to the configured user/group for this program, if any is set.

    Looks up the options for ``self.program`` with
    ``self.cfg.process.get(...)`` and reads the ``'user'`` and ``'group'``
    keys from them. When neither is set, nothing happens. When at least one
    is set, the work is delegated to ``system.drop_privileges(user, group)``,
    but only if the process runs with real UID 0; otherwise a warning is
    issued and the process keeps its current identity.
    """
    # NOTE(review): .get() yields None when the program has no section (if
    # cfg.process is a plain mapping), and the lookups below then raise
    # AttributeError. Confirm whether a missing section should instead mean
    # "nothing to drop" or be reported as a configuration error.
    opts = self.cfg.process.get(self.program)
    target_user = opts.get('user')
    target_group = opts.get('group')

    # No identity configured: the process keeps whatever it started with.
    if not (target_user or target_group):
        return

    # os.getuid() is the *real* UID. A process whose effective UID is 0 but
    # whose real UID is not will take the warning branch.
    if os.getuid() != 0:
        # Warning only, not an error: startup continues under the current
        # identity, so operators should treat this warning as significant.
        warnings.warn('Only superuser can drop privileges.')
        return

    # NOTE(review): nothing here confirms the drop took effect; whether
    # system.drop_privileges raises on failure is not visible from this
    # block. Verify against its implementation.
    system.drop_privileges(target_user, target_group)
def _daemonize(args):
    """Optionally daemonize, then drop privileges when a user is given.

    Reads ``daemon``, ``logfile``, ``errorfile``, ``user`` and ``group``
    from *args*. With ``args.daemon`` set, stdio is redirected to the given
    log and error files and the process is daemonized. After a 0.1 second
    gevent sleep, ``system.drop_privileges(args.user, args.group)`` is
    called if ``args.user`` is truthy.
    """
    # NOTE(review): nesting reconstructed from a whitespace-collapsed
    # listing. The sleep and the privilege drop are taken to run whether or
    # not args.daemon is set; confirm against the original file.
    from slimta.util import system
    from gevent import sleep as pause

    if args.daemon:
        system.redirect_stdio(args.logfile, args.errorfile)
        system.daemonize()

    # Yield to other greenlets before changing identity. Presumably this
    # lets listeners finish binding their ports while still privileged;
    # the reason is not stated in this function.
    pause(0.1)

    # NOTE(review): the drop is gated on args.user alone, so a group given
    # without a user is never applied. Confirm that is intended.
    run_as = args.user
    if run_as:
        system.drop_privileges(run_as, args.group)
# Run: try: _mda_domain = config['MDA'][ 'domain'] # I wish I didn't have to have this global, but I see no other way to get mda_domain into the SMTP_Validators subclass: MDA_Validators msa = MSA() mda = MDA(msa, config['MDA']['mail_list_url'], config['MDA']['domain'], config['MDA']['mail_list_subject_prefix']) # System: gevent.sleep( 0.5 ) # sometimes gevent will not have opened the ports by the time you drop privileges and then it will fail, so calling a short sleep will make sure everything is ready. system.drop_privileges('vmail', 'vmail') # see "Note 1" below! #system.redirect_stdio() # Redirects all streams to /dev/null by default. # daemonize after debugging: #system.daemonize() # NO!: we're managing the edges via joinall() below! gevent.joinall((msa.edge, mda.edge)) except KeyboardInterrupt: msa.kill() mda.kill() pass """ Note 1: In dovecot, we made a special user vmail, as suggested/best-practice, for dovecot-lda mail delivery. But note, this must also be the user slimta downgrades to when running as MDA. It's not good enough to set file group permissions that seem sufficient (e.g., by putting a slimta downgrade user and the vmail user both in an "mta" group, or whatever) - the socket dovecot creates is owned