Exemple #1
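def dropPrivileges(cfg):
    """Switch from root to the configured effective user, failing closed.

    Does nothing (returns ``None``) on non-posix platforms or when the
    process is not running as root.  Otherwise ``cfg.effective_user`` (a
    user name or a numeric uid) is resolved through ``pwd``, the
    supplementary groups and primary gid of that account are installed,
    and finally the uid is changed.

    Returns 1 once the uid has been changed (kept for unit tests).

    Raises ZConfig.ConfigurationError when no effective user is
    configured, when the account cannot be found, when it resolves to
    uid 0, or when the group identity cannot be changed.  The last case
    used to be logged and ignored, which left the process running under
    the target uid but with root's gid and supplementary groups.
    """
    # Drop root privileges if we have them and we're on a posix platform.
    # This needs to be a function so it may be used outside of Zope
    # appserver startup (e.g. from zopectl debug)
    if os.name != "posix":
        return

    if os.getuid() != 0:
        return

    import pwd

    effective_user = cfg.effective_user
    if effective_user is None:
        msg = (
            "A user was not specified to setuid to; fix this to "
            "start as root (change the effective-user directive "
            "in zope.conf)"
        )
        logger.critical(msg)
        raise ZConfig.ConfigurationError(msg)

    # Accept either a numeric uid or an account name.
    try:
        uid = int(effective_user)
    except ValueError:
        try:
            pwrec = pwd.getpwnam(effective_user)
        except KeyError:
            msg = "Can't find username %r" % effective_user
            logger.error(msg)
            raise ZConfig.ConfigurationError(msg)
        uid = pwrec[2]
    else:
        try:
            pwrec = pwd.getpwuid(uid)
        except KeyError:
            msg = "Can't find uid %r" % uid
            logger.error(msg)
            raise ZConfig.ConfigurationError(msg)
    gid = pwrec[3]

    if uid == 0:
        msg = "Cannot start Zope with the effective user as the root user"
        logger.error(msg)
        raise ZConfig.ConfigurationError(msg)

    # initgroups() looks the account up by *name*; when the directive was
    # a numeric uid, effective_user is not a name, so use the passwd record.
    account_name = pwrec[0]

    # Group state has to be changed while we are still root: once the uid
    # is dropped the process can no longer call setgroups()/setgid().
    try:
        if hasattr(os, "initgroups"):
            os.initgroups(account_name, gid)
        else:
            # Older interpreters: fall back to the separate extension module.
            import initgroups

            initgroups.initgroups(account_name, gid)
        os.setgid(gid)
    except (ImportError, OSError):
        # Fail closed: continuing to setuid() here would keep root's
        # group memberships on the unprivileged process.
        msg = "Could not set group id of effective user"
        logger.exception(msg)
        raise ZConfig.ConfigurationError(msg)

    # Called as root, so real, effective and saved uid all change;
    # an OSError from setuid() propagates to the caller.
    os.setuid(uid)
    logger.info('Set effective user to "%s"', effective_user)
    return 1  # for unit testing purposes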
Exemple #2
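def dropPrivileges(cfg):
    """Drop root privileges to ``cfg.effective_user``; abort if that fails.

    Returns ``None`` without doing anything when the platform is not
    posix or the process is not root.  Returns 1 after the uid has been
    switched (kept for unit tests).

    ``cfg.effective_user`` may be an account name or a numeric uid; it is
    resolved with ``pwd`` and must not map to uid 0.

    Raises ZConfig.ConfigurationError for a missing directive, an unknown
    account, a uid of 0, or a failure to install the account's groups.
    A group failure is fatal on purpose: logging it and calling
    ``setuid`` anyway would leave the process with root's gid and
    supplementary groups.
    """
    # Drop root privileges if we have them and we're on a posix platform.
    # This needs to be a function so it may be used outside of Zope
    # appserver startup (e.g. from zopectl debug)
    if os.name != 'posix':
        return

    if os.getuid() != 0:
        return

    import pwd

    effective_user = cfg.effective_user
    if effective_user is None:
        msg = ('A user was not specified to setuid to; fix this to '
               'start as root (change the effective-user directive '
               'in zope.conf)')
        logger.critical(msg)
        raise ZConfig.ConfigurationError(msg)

    # The directive is either a numeric uid or an account name.
    try:
        uid = int(effective_user)
    except ValueError:
        try:
            pwrec = pwd.getpwnam(effective_user)
        except KeyError:
            msg = "Can't find username %r" % effective_user
            logger.error(msg)
            raise ZConfig.ConfigurationError(msg)
        uid = pwrec[2]
    else:
        try:
            pwrec = pwd.getpwuid(uid)
        except KeyError:
            msg = "Can't find uid %r" % uid
            logger.error(msg)
            raise ZConfig.ConfigurationError(msg)
    gid = pwrec[3]

    if uid == 0:
        msg = 'Cannot start Zope with the effective user as the root user'
        logger.error(msg)
        raise ZConfig.ConfigurationError(msg)

    # Supplementary groups and gid must be set before the uid is dropped;
    # afterwards the process is no longer allowed to change them.
    try:
        # initgroups() takes an account name, so pass the name from the
        # passwd record rather than the raw directive (which may be a uid).
        if hasattr(os, 'initgroups'):
            os.initgroups(pwrec[0], gid)
        else:
            # Interpreters without os.initgroups need the extension module.
            import initgroups
            initgroups.initgroups(pwrec[0], gid)
        os.setgid(gid)
    except (ImportError, OSError):
        # Refuse to continue with root's group identity still attached.
        msg = 'Could not set group id of effective user'
        logger.exception(msg)
        raise ZConfig.ConfigurationError(msg)

    # As root this changes real, effective and saved uid; OSError propagates.
    os.setuid(uid)
    logger.info('Set effective user to "%s"', effective_user)
    return 1 # for unit testing purposes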
Exemple #3
def change_user(username="******"): # pragma: no cover
    """Make sure the process runs as *username*, dropping root if necessary.

    When started as root, the real and effective gid, the supplementary
    groups and then the real and effective uid are switched to those of
    *username*, and LOGNAME, USER, USERNAME, HOME and SHELL are rewritten
    from the passwd entry.  In every case the function finally checks the
    account name of the current uid and exits with status 2 when it is
    not *username*.  An unknown *username* also exits with status 2.

    NOTE(review): the default value shown here looks like a masked
    placeholder; the comments below refer to the 'vigiconf' account.
    Confirm against the upstream source.
    """
    # Do not hoist the two imports below to module level: the unit tests
    # need them to be local (mock).
    # pylint: disable-msg=W0621,W0404
    import os
    import pwd

    # VigiConf was started as "root": switch to a more appropriate
    # user account (vigiconf).
    if os.getuid() == 0:
        LOGGER.warning(_("VigiConf was launched as user 'root'. "
                        "Switching to user '%s' instead."), username)
        try:
            entry = pwd.getpwnam(username)
        except KeyError:
            LOGGER.error(_("Unable to switch to user '%s'. Aborting."),
                         username)
            sys.exit(2)

        target_gid = entry.pw_gid
        target_uid = entry.pw_uid

        # Replace the real and effective gid with the target account's.
        # Group changes come first: they are no longer permitted once
        # the uid has been dropped.
        os.setregid(target_gid, target_gid)

        # Load the supplementary groups associated with the target user.
        if not hasattr(os, "initgroups"):
            import initgroups
            initgroups.initgroups(username, target_gid)
        else:
            os.initgroups(username, target_gid) #pylint: disable-msg=E1103

        # Replace the real and effective uid, then the environment
        # variables that identify the account.
        os.setreuid(target_uid, target_uid)
        for variable in ("LOGNAME", "USER", "USERNAME"):
            os.environ[variable] = entry.pw_name
        os.environ["HOME"] = entry.pw_dir
        os.environ["SHELL"] = entry.pw_shell

    # Whatever path was taken, refuse to run under any other account.
    current_name = pwd.getpwuid(os.getuid()).pw_name
    if current_name != username:
        LOGGER.error(_("VigiConf was not launched as user '%s'. "
                       "Aborting."), username)
        sys.exit(2)
Exemple #4
                try:    UID = string.atoi(UID)
                except: pass
                gid = None
                if isinstance(UID, StringType):
                    uid = pwd.getpwnam(UID)[2]
                    gid = pwd.getpwnam(UID)[3]
                elif isinstance(UID, IntType):
                    uid = pwd.getpwuid(UID)[2]
                    gid = pwd.getpwuid(UID)[3]
                    UID = pwd.getpwuid(UID)[0]
                else:
                    raise KeyError
                if UID == 'nobody':
                    _warn_nobody()
                try:
                    initgroups.initgroups(UID, gid)
                    if gid is not None:
                        try:
                            os.setgid(gid)
                        except OSError:
                            pass
                    os.setuid(uid)
                except OSError:
                    pass
            except KeyError:
                zLOG.LOG("z2", zLOG.ERROR, ("Can't find UID %s" % UID))
    except AttributeError:
        pass
    except:
        raise