def run_stager(params):
params["puid"] = os.geteuid()
pid = Popen(["sudo", "-n", "-u", params["user"], PILOT_STAGER],
stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True)
stdout, stderr = pid.communicate(json.dumps(params))
result = json.loads(stdout)
return result
def change_uid_gid(uid, gid=None):
"""Try to change UID and GID to the provided values.
UID and GID are given as names like 'nobody' not integer.
Src: http://mail.mems-exchange.org/durusmail/quixote-users/4940/1/
"""
if not os.geteuid() == 0:
# Do not try to change the gid/uid if not root.
return
(uid, gid) = get_uid_gid(uid, gid)
os.setgid(gid)
os.setuid(uid)
def drop_privileges_if_necessary(options):
if os.geteuid() == 0 and options["server_user"] and options["server_group"]:
# ensure the that the daemon runs as specified user
change_uid_gid(options["server_user"], options["server_group"])