示例#1
0
    def test_executeAsUser_Unix(self):
        """
        Test executing as a different user.
        """
        initial_uid, initial_gid = os.geteuid(), os.getegid()
        initial_groups = os.getgroups()
        test_user = mk.getTestUser(u'normal')
        self.assertNotEqual(
            sorted(self.getGroupsIDForTestAccount()),
            sorted(os.getgroups()),
            )

        with system_users.executeAsUser(username=test_user.name):
            import pwd
            import grp
            uid, gid = os.geteuid(), os.getegid()
            impersonated_username = pwd.getpwuid(uid)[0].decode('utf-8')
            impersonated_groupname = grp.getgrgid(gid)[0].decode('utf-8')
            impersonated_groups = os.getgroups()
            self.assertEqual(test_user.name, impersonated_username)
            self.assertEqual(TEST_ACCOUNT_GROUP, impersonated_groupname)
            self.assertNotEqual(initial_uid, uid)
            self.assertNotEqual(initial_gid, gid)
            self.assertNotEqual(initial_groups, impersonated_groups)
            if self.os_name != 'osx':
                # On OSX newer than 10.5 get/set groups are useless.
                self.assertEqual(
                    sorted(self.getGroupsIDForTestAccount()),
                    sorted(impersonated_groups),
                    )

        self.assertEqual(initial_uid, os.geteuid())
        self.assertEqual(initial_gid, os.getegid())
        self.assertEqual(initial_groups, os.getgroups())
示例#2
0
文件: privilege.py 项目: iNach0z/0bin
 def test_unequal(self):
     old_sups = os.getgroups()
     sups = [ 1, 2, 3 ]
     if os.geteuid() == 0:
         set_sups(sups)
         self.assert_(eql_sups(os.getgroups(), sups))
         # Clean up by resetting supplementary groups
         set_sups(old_sups)
     else:
         self.assertRaises(OSError, set_sups, sups)
示例#3
0
def run_as_root(argv, gain_root=''):
    if not gain_root and which('pkexec') is not None:
            # Use pkexec if possible. It has desktop integration, and will
            # prompt for the user's password if they are administratively
            # privileged (a member of group sudo), or root's password
            # otherwise.
            gain_root = 'pkexec'

    if not gain_root and which('sudo') is not None:
        # Use sudo as the next choice after pkexec, but only if we're in
        # a group that should be able to use it.
        try:
            sudo_group = grp.getgrnam('sudo')
        except KeyError:
            pass
        else:
            if sudo_group.gr_gid in os.getgroups():
                gain_root = 'sudo'

        # If we are in the admin group, also use sudo, but only
        # if this looks like Ubuntu. We use dpkg-vendor at build time
        # to detect Ubuntu derivatives.
        try:
            admin_group = grp.getgrnam('admin')
        except KeyError:
            pass
        else:
            if (admin_group.gr_gid in os.getgroups() and
                    os.path.exists(os.path.join(DATADIR,
                        'is-ubuntu-derived'))):
                gain_root = 'sudo'

    if not gain_root:
        # Use su if we don't have anything better.
        gain_root = 'su'

    if gain_root not in ('su', 'pkexec' ,'sudo', 'super', 'really'):
        logger.warning(('Unknown privilege escalation method %r, assuming ' +
            'it works like sudo') % gain_root)

    if gain_root == 'su':
        print('using su to obtain root privileges and install the package(s)')

        # su expects a single sh(1) command-line
        cmd = ' '.join([shlex.quote(arg) for arg in argv])

        subprocess.call(['su', '-c', cmd])
    else:
        # this code path works for pkexec, sudo, super, really;
        # we assume everything else is the same
        print('using %s to obtain root privileges and install the package(s)' %
                gain_root)
        subprocess.call([gain_root] + list(argv))
    def test_rsync_set_group(self):
        """Test setting the group membership on rsync'd files
        """

        root = tempfile.mkdtemp(prefix="rsync_test_set_group_")
        avail_groups = os.getgroups()
        exp_group = grp.getgrgid(avail_groups[random.randint(1, len(avail_groups)) - 1])[0]

        # Create some files to move
        to_copy = self._create_test_files(root)

        # Run rsync
        with open(os.devnull, "w") as f:
            old_stdout = sys.stdout
            sys.stdout = f
            rsync_files(to_copy, sys.stdout, exp_group, False)
            sys.stdout = old_stdout

        # Verify the copy process set the correct group on created directories
        for ddir in set([d[1] for d in to_copy]):
            gid = os.stat(ddir).st_gid
            obs_group = grp.getgrgid(gid)[0]
            self.assertEqual(
                obs_group, exp_group, "Failed to set group '{}' on directory. Group is {}".format(exp_group, obs_group)
            )

        # Verify the copy process set the correct group
        for src, ddir, dname in to_copy:
            dfile = os.path.join(ddir, dname)
            gid = os.stat(dfile).st_gid
            obs_group = grp.getgrgid(gid)[0]
            self.assertEqual(
                obs_group, exp_group, "Failed to set group '{}' on file. Group is {}".format(exp_group, obs_group)
            )
示例#5
0
def _firstmissinggroup(groupnames):
    usergids = set(os.getgroups())
    for name in groupnames:
        expectedgid = _grpname2gid(name)
        # ignore unknown groups
        if expectedgid is not None and expectedgid not in usergids:
            return name
示例#6
0
def get_os_internals():
    os_internals = []
    if hasattr(os, 'getcwd'):
        os_internals.append(("Current Working Directory", os.getcwd()))
    if hasattr(os, 'getegid'):
        os_internals.append(("Effective Group ID", os.getegid()))

    if hasattr(os, 'geteuid'):
        os_internals.append(("Effective User ID", os.geteuid()))

    if hasattr(os, 'getgid'):
        os_internals.append(("Group ID", os.getgid()))

    if hasattr(os, 'getuid'):
        os_internals.append(("User ID", os.getuid()))

    if hasattr(os, 'getgroups'):
        os_internals.append(
            ("Group Membership", ', '.join(map(str, os.getgroups()))))

    if hasattr(os, 'linesep'):
        os_internals.append(("Line Seperator", repr(os.linesep)[1:-1]))

    if hasattr(os, 'pathsep'):
        os_internals.append(("Path Seperator", os.pathsep))

    if hasattr(os, 'getloadavg'):
        os_internals.append(("Load Avarage",
             ', '.join(map(lambda x: str(round(x, 2)), os.getloadavg()))))

    return os_internals
def show_user_info():
    print 'User (actual/effective)  : %d / %d' % \
        (os.getuid(), os.geteuid())
    print 'Group (actual/effective) : %d / %d' % \
        (os.getgid(), os.getegid())
    print 'Actual Groups   :', os.getgroups()
    return
示例#8
0
def is_writable(path):
    # Ensure that it exists.
    if not os.path.exists(path):
        return False

    # If we're on a posix system, check its permissions.
    if hasattr(os, 'getuid'):
        statdata = os.stat(path)
        perm = stat.S_IMODE(statdata.st_mode)
        # is it world-writable?
        if (perm & 0o002):
            return True
        # do we own it?
        elif statdata.st_uid == os.getuid() and (perm & 0o200):
            return True
        # are we in a group that can write to it?
        elif (statdata.st_gid in [os.getgid()] + os.getgroups()) \
            and (perm & 0o020):
            return True
        # otherwise, we can't write to it.
        else:
            return False

    # Otherwise, we'll assume it's writable.
    # [xx] should we do other checks on other platforms?
    return True
示例#9
0
 def _runAsUser(self, f, *args, **kw):
     euid = os.geteuid()
     egid = os.getegid()
     groups = os.getgroups()[:16]
     uid, gid = self.getUserGroupId()
     os.setegid(0)
     os.seteuid(0)
     os.setgroups(self.getOtherGroups())
     os.setegid(gid)
     os.seteuid(uid)
     try:
         f = iter(f)
     except TypeError:
         f = [(f, args, kw)]
     try:
         for i in f:
             func = i[0]
             args = len(i)>1 and i[1] or ()
             kw = len(i)>2 and i[2] or {}
             r = func(*args, **kw)
     finally:
         os.setegid(0)
         os.seteuid(0)
         os.setgroups(groups)
         os.setegid(egid)
         os.seteuid(euid)
     return r
示例#10
0
    def test_chown_lchown_group(self):
        """user should be able to change group of file/link"""
        
        ## setup part 1, find two user group ids we can use
        gids = os.getgroups()
        if len(gids)<2:
            raise SkipTest("need to be member of at least two groups to run this test")
        ## setup, part 2 - create a file and a link
        file = self._create_file(u'chown_test_file1')
        link = self.path.child('chown_test_link1')
        file.symlink(link)

        ## helper function - check that file has gid0 and link has
        ## gid1 or opposite
        def _chk_grps(reverse=0):
            eq(file.stat().st_gid, gids[reverse])
            eq(link.stat().st_gid, gids[reverse])
            eq(link.lstat().st_gid, gids[not reverse])

        uid = os.geteuid()

        ## setting file to gid0 and link to gid1
        file.lchown(uid, gids[0])
        link.lchown(uid, gids[1])
        _chk_grps()
        ## reversing
        file.chown(uid, gids[1])
        link.lchown(uid, gids[0])
        _chk_grps(1)
        ## setting link to gid0 and file to gid1
        link.chown(uid, gids[0])
        link.lchown(uid, gids[1])
        _chk_grps(0)
示例#11
0
def effectively_readable(path):
    import os, stat

    uid = os.getuid()
    euid = os.geteuid()
    gid = os.getgid()
    egid = os.getegid()

    # This is probably true most of the time, so just let os.access()
    # handle it.  Avoids potential bugs in the rest of this function.
    if uid == euid and gid == egid:
        return os.access(path, os.R_OK)

    st = os.stat(path)

    # This may be wrong depending on the semantics of your OS.
    # i.e. if the file is -------r--, does the owner have access or not?
    if st.st_uid == euid:
        return st.st_mode & stat.S_IRUSR != 0

    # See comment for UID check above.
    groups = os.getgroups()
    if st.st_gid == egid or st.st_gid in groups:
        return st.st_mode & stat.S_IRGRP != 0

    return st.st_mode & stat.S_IROTH != 0
 def __enter__(self):
   if self.uid:
     self.saved_uid = os.geteuid()
     self.saved_groups = os.getgroups()
     if self.uid:
       os.setgroups(self.saved_groups + [AID_INET])
       os.seteuid(self.uid)
示例#13
0
 def _get_non_member_group(self):
     """Get a group tuple that this user is not a member of."""
     user_groups = set(os.getgroups())
     for group in grp.getgrall():
         if group.gr_gid not in user_groups:
             return group
     self.skipTest('no usable groups found')
示例#14
0
    def get_config(self):
        """ Load default, group and user configuation. Then merge them all. 
        The loadpriority is done in the following order:
            1- User section
            2- Group section
            3- Default section
        """
        self.config.read(self.conf['configfile'])
        self.user = getuser()

        self.conf_raw = {}

        # get 'default' configuration if any
        self.get_config_sub('default')

        # get groups configuration if any.
        # for each group the user belongs to, check if specific configuration  \
        # exists.  The primary group has the highest priority. 
        grplist = os.getgroups()
        grplist.reverse()
        for gid in grplist:
            try:
                grpname = grp.getgrgid(gid)[0]
                section = 'grp:' + grpname
                self.get_config_sub(section)
            except KeyError:
                pass

        # get user configuration if any
        self.get_config_sub(self.user)
示例#15
0
 def test_os_setgroups(self):
     os = self.posix
     raises(TypeError, os.setgroups, [2, 5, "hello"])
     try:
         os.setgroups(os.getgroups())
     except OSError:
         pass
示例#16
0
    def setUp(self):
        self.metadata = obnamlib.Metadata()
        self.metadata.st_atime_sec = 12765
        self.metadata.st_atime_nsec = 0
        self.metadata.st_mode = 42 | stat.S_IFREG
        self.metadata.st_mtime_sec = 10**9
        self.metadata.st_mtime_nsec = 0
        # make sure the uid/gid magic numbers aren't the current users
        self.metadata.st_uid = os.getuid() + 1234
        self.metadata.st_gid = 5678
        while self.metadata.st_gid in os.getgroups():
            self.metadata.st_gid += 1

        fd, self.filename = tempfile.mkstemp()
        os.close(fd)
        # On some systems (e.g. FreeBSD) /tmp is apparently setgid and
        # default gid of files is therefore not the user's gid.
        os.chown(self.filename, os.getuid(), os.getgid())

        self.fs = obnamlib.LocalFS('/')
        self.fs.connect()

        self.uid_set = None
        self.gid_set = None
        self.fs.lchown = self.fake_lchown

        obnamlib.set_metadata(self.fs, self.filename, self.metadata)

        self.st = os.stat(self.filename)
示例#17
0
 def check_filesystem_permissions(self):
     import grp
     grname = self.globalconf.root.jurt_group
     logger.debug("checking if the user is a member of the %s group" %
             (grname))
     try:
         group = grp.getgrnam(grname)
     except KeyError:
         raise SetupError, ("there is no system group '%s', please check "
                 "your jurt installation (and see jurt-setup)" %
                 (grname))
     uname, uid = su.my_username()
     if uname not in group.gr_mem:
         raise PermissionError, ("your user %s should be member of the "
                 "%s group in order to jurt work. Did you run (as root) "
                 "jurt-setup -u %s ?" % (uname, grname, uname))
     if group.gr_gid not in os.getgroups():
         raise PermissionError, ("your user is NOT effectively running as a "
                 "member of the %s group, please restart your session "
                 "before running jurt" % (grname))
     sticky = [self.targetconf.roots_path, self.targetconf.spool_dir,
             self.targetconf.logs_dir, self.targetconf.failure_dir,
             self.targetconf.success_dir]
     for path in sticky:
         logger.debug("checking write permission for %s" % (path))
         if not os.access(path, os.W_OK):
             raise PermissionError, ("%s has no write permission for "
                     "you, please check your jurt installation" %
                     (path))
示例#18
0
文件: config.py 项目: abhi11/dak
    def _readconf(self):
        apt_pkg.init()

        self.Cnf = apt_pkg.Configuration()

        apt_pkg.read_config_file_isc(self.Cnf, which_conf_file())

        # Check whether our dak.conf was the real one or
        # just a pointer to our main one
        res = socket.gethostbyaddr(socket.gethostname())
        conffile = self.Cnf.get("Config::" + res[0] + "::DakConfig")
        if conffile:
            apt_pkg.read_config_file_isc(self.Cnf, conffile)

        # Read group-specific options
        if 'ByGroup' in self.Cnf:
            bygroup = self.Cnf.subtree('ByGroup')
            groups = set([os.getgid()])
            groups.update(os.getgroups())

            for group in bygroup.list():
                gid = grp.getgrnam(group).gr_gid
                if gid in groups:
                    if bygroup.get(group):
                        apt_pkg.read_config_file_isc(self.Cnf, bygroup[group])
                    break

        # Rebind some functions
        # TODO: Clean this up
        self.get = self.Cnf.get
        self.subtree = self.Cnf.subtree
        self.value_list = self.Cnf.value_list
        self.find = self.Cnf.find
        self.find_b = self.Cnf.find_b
        self.find_i = self.Cnf.find_i
示例#19
0
    def __init__(self, buildopts, koji_obj):
        self.buildopts = buildopts
        self.koji_obj = koji_obj

        cfg_path = self._init_get_cfg_path()
        self.mock_cmd = ['mock']
        if cfg_path:
            cfg_abspath = os.path.abspath(cfg_path)
            cfg_abspath_no_ext = re.sub(r'\.cfg$', '', cfg_abspath)
            self.cfg_name = os.path.basename(cfg_abspath_no_ext)

            if not os.path.isfile(cfg_abspath):
                raise MockError("Couldn't find mock config file at " + cfg_abspath)

            # The cfg file passed to mock is always relative to /etc/mock
            self.mock_cmd += ['-r', "../../" + cfg_abspath_no_ext]
        else:
            self.cfg_name = None

        self.target_arch = buildopts['target_arch']

        try:
            mock_gid = grp.getgrnam('mock').gr_gid
        except KeyError:
            raise MockError("The mock group does not exist on this system!")
        if mock_gid not in os.getgroups():
            raise MockError(
"""You are not able to do a mock build on this machine because you are not in the mock group.
/etc/group must be edited and your username must be added to the mock group.
You might need to log out and log in for the changes to take effect""")
示例#20
0
def which(file, path=None):
    """
    Does what which(1) does: searches the PATH in order for a given file name
    and returns the full path to first match.
    """
    if not path:
        path = os.getenv("PATH")

    for p in path.split(":"):
        fullpath = os.path.join(p, file)
        try:
            st = os.stat(fullpath)
        except OSError:
            continue

        if sys.platform == 'win32':
            return fullpath

        # On non-Windows, ensure the file is both executable and accessible to
        # the user.
        if os.geteuid() == st[stat.ST_UID]:
            mask = stat.S_IXUSR
        elif st[stat.ST_GID] in os.getgroups():
            mask = stat.S_IXGRP
        else:
            mask = stat.S_IXOTH

        if stat.S_IMODE(st[stat.ST_MODE]) & mask:
            return fullpath

    return None
示例#21
0
文件: utils.py 项目: clones/kaa
def which(file, path = None):
    """
    Does what which(1) does: searches the PATH for a given file
    name and returns a list of matches.
    """
    if not path:
        path = os.getenv("PATH")

    for p in path.split(":"):
        fullpath = os.path.join(p, file)
        try:
            st = os.stat(fullpath)
        except OSError:
            continue

        if os.geteuid() == st[stat.ST_UID]:
            mask = stat.S_IXUSR
        elif st[stat.ST_GID] in os.getgroups():
            mask = stat.S_IXGRP
        else:
            mask = stat.S_IXOTH

        if stat.S_IMODE(st[stat.ST_MODE]) & mask:
            return fullpath

    return None
示例#22
0
文件: data.py 项目: Whissi/portage
def _init(settings):
	"""
	Use config variables like PORTAGE_GRPNAME and PORTAGE_USERNAME to
	initialize global variables. This allows settings to come from make.conf
	instead of requiring them to be set in the calling environment.
	"""
	if '_portage_grpname' not in _initialized_globals and \
		'_portage_username' not in _initialized_globals:

		# Prevents "TypeError: expected string" errors
		# from grp.getgrnam() with PyPy
		native_string = platform.python_implementation() == 'PyPy'

		v = settings.get('PORTAGE_GRPNAME', 'portage')
		if native_string:
			v = portage._native_string(v)
		globals()['_portage_grpname'] = v
		_initialized_globals.add('_portage_grpname')

		v = settings.get('PORTAGE_USERNAME', 'portage')
		if native_string:
			v = portage._native_string(v)
		globals()['_portage_username'] = v
		_initialized_globals.add('_portage_username')

	if 'secpass' not in _initialized_globals:
		v = 0
		if uid == 0:
			v = 2
		elif "unprivileged" in settings.features:
			v = 2
		elif portage_gid in os.getgroups():
			v = 1
		globals()['secpass'] = v
		_initialized_globals.add('secpass')
示例#23
0
文件: test_posix2.py 项目: ieure/pypy
 def setup_class(cls):
     cls.space = space
     cls.w_posix = space.appexec([], GET_POSIX)
     cls.w_path = space.wrap(str(path))
     cls.w_path2 = space.wrap(str(path2))
     cls.w_pdir = space.wrap(str(pdir))
     try:
         cls.w_unicode_dir = space.wrap(
             str(unicode_dir).decode(sys.getfilesystemencoding()))
     except UnicodeDecodeError:
         # filesystem encoding is not good enough
         cls.w_unicode_dir = space.w_None
     if hasattr(os, 'getuid'):
         cls.w_getuid = space.wrap(os.getuid())
         cls.w_geteuid = space.wrap(os.geteuid())
     if hasattr(os, 'getgid'):
         cls.w_getgid = space.wrap(os.getgid())
     if hasattr(os, 'getgroups'):
         cls.w_getgroups = space.newlist([space.wrap(e) for e in os.getgroups()])
     if hasattr(os, 'getpgid'):
         cls.w_getpgid = space.wrap(os.getpgid(os.getpid()))
     if hasattr(os, 'getsid'):
         cls.w_getsid0 = space.wrap(os.getsid(0))
     if hasattr(os, 'sysconf'):
         sysconf_name = os.sysconf_names.keys()[0]
         cls.w_sysconf_name = space.wrap(sysconf_name)
         cls.w_sysconf_value = space.wrap(os.sysconf_names[sysconf_name])
         cls.w_sysconf_result = space.wrap(os.sysconf(sysconf_name))
     cls.w_SIGABRT = space.wrap(signal.SIGABRT)
     cls.w_python = space.wrap(sys.executable)
     if hasattr(os, 'major'):
         cls.w_expected_major_12345 = space.wrap(os.major(12345))
         cls.w_expected_minor_12345 = space.wrap(os.minor(12345))
     cls.w_udir = space.wrap(str(udir))
def show_user_info():
    print "Effective User  :"******"Effective Group :", os.getegid()
    print "Actual User     :"******"Actual Group    :", os.getgid()
    print "Actual Groups   :", os.getgroups()
    return
示例#25
0
 def drop_privs(self, uid):
     (uid, gid) = pwd.getpwnam(uid)[2:4]
     os.setgroups([gid,])
     os.setgid(gid)
     os.setuid(uid)
     if 0 in [os.getuid(), os.getgid()] + list(os.getgroups()):
         raise Exception("error - drop root, please!")
示例#26
0
 def _process_securely(self, operation, path, request, *args, **kw):
     user = request.user_object()
     groups = os.getgroups()
     is_root = not os.getuid()
     uid = os.geteuid()
     gid = os.getegid()
     if not is_root:
         msg = (
             "Framework is not running as root so effective uid "
             "and gid are not being changed prior to doing %s: "
             "%s" % (request.get_command(), path)
         )
         msglog.log("FileRequestHandler", msglog.types.WARN, msg)
     else:
         if self.debug:
             msg = "%s command: file %s, user %s" % (request.get_command(), path, user.name())
             msglog.log(self.name, msglog.types.DB, msg)
         os.setgroups(user.group_ids())
         os.setegid(user.gid())
         os.seteuid(user.uid())
     try:
         result = operation(path, request, *args, **kw)
     finally:
         if is_root:
             os.seteuid(uid)
             os.setegid(gid)
             os.setgroups(groups)
     return result
示例#27
0
 def _runAsUser(self, f, *args, **kw):
     """ Method to logged-in a user.
     """
     user_is_root = os.getuid() == 0  # for tests
     if user_is_root:
         euid = os.geteuid()
         egid = os.getegid()
         groups = os.getgroups()
         uid, gid = self.getUserGroupId()
         os.setegid(0)
         os.seteuid(0)
         os.setgroups(self.getOtherGroups())
         os.setegid(gid)
         os.seteuid(uid)
     try:
         f = iter(f)
     except TypeError:
         f = [(f, args, kw)]
     try:
         for i in f:
             func = i[0]
             args = len(i) > 1 and i[1] or ()
             kw = len(i) > 2 and i[2] or {}
             r = func(*args, **kw)
     finally:
         if user_is_root:
             os.setegid(0)
             os.seteuid(0)
             os.setgroups(groups)
             os.setegid(egid)
             os.seteuid(euid)
     return r
示例#28
0
def setupPermissionChecks():
    uid = os.getuid()
    groups = os.getgroups()

    if uid == 0:
        return None     # If super-user, return None.  Causes no checking to happen.

    # Otherwise, create a closure function which can be used to do checking for each file.
    def checkPermission(pUid, pGid, mode):
        if stat.S_ISDIR(mode):
            if (uid == pUid) and (stat.S_IRUSR & mode) and (stat.S_IXUSR & mode):
                return True
            elif (pGid in groups) and (stat.S_IRGRP & mode) and (stat.S_IXGRP & mode):
                return True
            elif (stat.S_IROTH & mode) and (stat.S_IXOTH & mode):
                return True
        else:
            if (uid == pUid) and (stat.S_IRUSR & mode):
                return True
            elif (pGid in groups) and (stat.S_IRGRP & mode):
                return True
            elif stat.S_IROTH & mode:
                return True
        return False

    # And return the function.
    return checkPermission
def show_user_info():
    print 'Utente effettivo :', os.geteuid()
    print 'Gruppo effettivo :', os.getegid()
    print 'Utente reale     :', os.getuid(), os.getlogin()
    print 'Gruppo reale     :', os.getgid()
    print 'Gruppi reali     :', os.getgroups()
    return
示例#30
0
    def run(self, input=None, command=None):
        makedirs(self.path)

        try:
            os.symlink(sys.argv[0], join(self.path, 'rerun'))
        except OSError:
            pass

        self.id = (os.getuid(), os.getgid(), os.getgroups())
        self.env = os.environ

        self.stdin = input
        if command:
            self.command = command

            def run(command, input=None):
                try:
                    child = Popen(command, stdin=PIPE, stdout=PIPE, stderr=PIPE)
                    stdout, stderr = child.communicate(input)

                    return stdout, stderr, child.returncode

                except OSError, e:
                    return "", str(e), None

            self.stdout, self.stderr, self.exitcode = run(command, input)
            sys.exit(self.exitcode)
示例#31
0
 def _is_live(self):
     for group in os.getgroups():
         if group == os.getuid() == 999 and grp.getgrgid(
                 group).gr_name == os.getenv('LOGNAME') == 'jolicloud':
             return True
     return False
示例#32
0
 def _is_guest(self):
     for group in os.getgroups():
         if grp.getgrgid(group).gr_name == 'guests':
             return True
     return False
示例#33
0
文件: helpers.py 项目: jmberg/bup
 def is_superuser():
     # https://cygwin.com/ml/cygwin/2015-02/msg00057.html
     groups = os.getgroups()
     return 544 in groups or 0 in groups
示例#34
0
import os

groups = os.getgroups()
print groups
示例#35
0
 def report_ids(msg):
     logger.debug('{msg}: uid={uid}, gid={gid}, groups={grp}'.format(
         msg=msg, uid=os.getuid(), gid=os.getgid(), grp=os.getgroups()))
示例#36
0
 def _get_non_member_group(self):
     """Find a group that this user is not a member of."""
     # All that matters is that we return a gid outside of the set of this
     # user's groups.
     user_groups = set(os.getgroups())
     return max(user_groups) + 1
示例#37
0
    debug = True
    debug_filename = args.debug
    try:
        debug_fileobj = open(debug_filename, mode='a')
    except OSError as err:
        sys.stderr.write('WARN: Error opening debug file "{}": {}\n'.format(
            debug_filename, err))
        debug = False
else:
    debug = False
dbg('Debug started')
dbg('Arguments: bind_address={}, bind_port={}, mival={}, verbose={}, snmp_agent={}, print_table={}'
    .format(bind_address, bind_port, mival, verbose, snmp_agent, print_table))
dbg('RUID: {}, EUID: {}, SUID: {}, RGID: {}, EGID:{}, SGID: {}'.format(
    *(os.getresuid() + os.getresgid())))
dbg('Group IDs: {}'.format(repr(os.getgroups())))

# Save base time
ts_base = time.time()
dbg('Saved base timestamp: {}'.format(ts_base))

# We should pass handshake quickly
# We don't want to block while read from stdin if acting as SNMP agent
if snmp_agent:
    # Handshake
    try:
        dbg('Waiting handshake')
        line = sys.stdin.readline()
        dbg('Read line from stdin: {}'.format(repr(line)))
    except OSError as err:
        sys.stderr.write('Error reading stdin: {}\n'.format(err))
示例#38
0
 def test_os_getgroups(self):
     os = self.posix
     assert os.getgroups() == self.getgroups
示例#39
0
def _get_global(k):
    if k in _initialized_globals:
        return globals()[k]

    if k == "secpass":

        unprivileged = False
        if hasattr(portage, "settings"):
            unprivileged = "unprivileged" in portage.settings.features
        else:
            # The config class has equivalent code, but we also need to
            # do it here if _disable_legacy_globals() has been called.
            eroot_or_parent = first_existing(
                os.path.join(_target_root(),
                             _target_eprefix().lstrip(os.sep)))
            try:
                eroot_st = os.stat(eroot_or_parent)
            except OSError:
                pass
            else:
                unprivileged = _unprivileged_mode(eroot_or_parent, eroot_st)

        v = 0
        if uid == 0:
            v = 2
        elif unprivileged:
            v = 2
        elif _get_global("portage_gid") in os.getgroups():
            v = 1

    elif k in ("portage_gid", "portage_uid"):

        # Discover the uid and gid of the portage user/group
        keyerror = False
        try:
            portage_uid = pwd.getpwnam(_get_global("_portage_username")).pw_uid
        except KeyError:
            keyerror = True
            portage_uid = 0

        try:
            portage_gid = grp.getgrnam(_get_global("_portage_grpname")).gr_gid
        except KeyError:
            keyerror = True
            portage_gid = 0

        # Suppress this error message if both PORTAGE_GRPNAME and
        # PORTAGE_USERNAME are set to "root", for things like
        # Android (see bug #454060).
        if keyerror and not (_get_global("_portage_username") == "root"
                             and _get_global("_portage_grpname") == "root"):
            writemsg(
                colorize("BAD", _("portage: 'portage' user or group missing."))
                + "\n",
                noiselevel=-1,
            )
            writemsg(
                _("         For the defaults, line 1 goes into passwd, "
                  "and 2 into group.\n"),
                noiselevel=-1,
            )
            writemsg(
                colorize(
                    "GOOD",
                    "         portage:x:250:250:portage:/var/tmp/portage:/bin/false",
                ) + "\n",
                noiselevel=-1,
            )
            writemsg(colorize("GOOD", "         portage::250:portage") + "\n",
                     noiselevel=-1)
            portage_group_warning()

        globals()["portage_gid"] = portage_gid
        _initialized_globals.add("portage_gid")
        globals()["portage_uid"] = portage_uid
        _initialized_globals.add("portage_uid")

        if k == "portage_gid":
            return portage_gid
        if k == "portage_uid":
            return portage_uid
        raise AssertionError("unknown name: %s" % k)

    elif k == "userpriv_groups":
        v = [_get_global("portage_gid")]
        if secpass >= 2:
            # Get a list of group IDs for the portage user. Do not use
            # grp.getgrall() since it is known to trigger spurious
            # SIGPIPE problems with nss_ldap.
            cmd = ["id", "-G", _portage_username]

            encoding = portage._encodings["content"]
            cmd = [
                portage._unicode_encode(x, encoding=encoding, errors="strict")
                for x in cmd
            ]
            proc = subprocess.Popen(cmd,
                                    stdout=subprocess.PIPE,
                                    stderr=subprocess.STDOUT)
            myoutput = proc.communicate()[0]
            status = proc.wait()
            if os.WIFEXITED(status) and os.WEXITSTATUS(status) == os.EX_OK:
                for x in portage._unicode_decode(myoutput,
                                                 encoding=encoding,
                                                 errors="strict").split():
                    try:
                        v.append(int(x))
                    except ValueError:
                        pass
                v = sorted(set(v))

    # Avoid instantiating portage.settings when the desired
    # variable is set in os.environ.
    elif k in ("_portage_grpname", "_portage_username"):
        v = None
        if k == "_portage_grpname":
            env_key = "PORTAGE_GRPNAME"
        else:
            env_key = "PORTAGE_USERNAME"

        if env_key in os.environ:
            v = os.environ[env_key]
        elif hasattr(portage, "settings"):
            v = portage.settings.get(env_key)
        else:
            # The config class has equivalent code, but we also need to
            # do it here if _disable_legacy_globals() has been called.
            eroot_or_parent = first_existing(
                os.path.join(_target_root(),
                             _target_eprefix().lstrip(os.sep)))
            try:
                eroot_st = os.stat(eroot_or_parent)
            except OSError:
                pass
            else:
                if _unprivileged_mode(eroot_or_parent, eroot_st):
                    if k == "_portage_grpname":
                        try:
                            grp_struct = grp.getgrgid(eroot_st.st_gid)
                        except KeyError:
                            pass
                        else:
                            v = grp_struct.gr_name
                    else:
                        try:
                            pwd_struct = pwd.getpwuid(eroot_st.st_uid)
                        except KeyError:
                            pass
                        else:
                            v = pwd_struct.pw_name

        if v is None:
            v = "portage"
    else:
        raise AssertionError("unknown name: %s" % k)

    globals()[k] = v
    _initialized_globals.add(k)
    return v
示例#40
0
def check_group_membership():
    if 'lago' not in [grp.getgrgid(gid).gr_name for gid in os.getgroups()]:
        warnings.warn('current session does not belong to lago group.')
""" Write a Python program to get the effective group id, effective user id, real group id,
    a list of supplemental group ids associated with the current process.
    Note: Availability: Unix. """

import os
# get effective group id
print("Effective group id : ", os.getegid())
# get effective user id
print("Effective user id : ", os.geteuid())
# get real group id
print("Real group id : ", os.getgid())
# get list of groups
print("List of group : ", os.getgroups())

示例#42
0
import os
UserId = ("The User ID: ", os.getuid())
print(UserId)
GroupId = ("The Group ID: ", os.getegid())
print(GroupId)
Realgroup = ("The Real Group ID: ", os.getgid())
print(Realgroup)
Supplement = ("The Supplement ID: ", os.getgroups())
print(Supplement)
示例#43
0
import crypt
import functools
import grp
import os
import platform
import pwd
import random
import socket
import subprocess
import threading

import rqconstants

PERMISSIONS = threading.Lock()
HIGH_PERMISSION_GROUPS = os.getgroups()


class Memoize(object):
    """From: https://gist.github.com/267733/8f5d2e3576b6a6f221f6fb7e2e10d395ad7303f9"""
    def __init__(self, func):
        self.func = func
        self.memoized = {}
        self.methodCache = {}
    def __call__(self, *args):
        return self.cacheGet(self.memoized, args,
            lambda: self.func(*args))
    def __get__(self, obj, objtype):
        return self.cacheGet(self.methodCache, obj,
            lambda: self.__class__(functools.partial(self.func, obj)))
    def cacheGet(self, cache, key, func):
示例#44
0
    def is_unarchived(self):
        cmd = '%s -ZT -s "%s"' % (self.cmd_path, self.src)
        if self.excludes:
            cmd += ' -x "' + '" "'.join(self.excludes) + '"'
        rc, out, err = self.module.run_command(cmd)

        old_out = out
        diff = ''
        out = ''
        if rc == 0:
            unarchived = True
        else:
            unarchived = False

        # Get some information related to user/group ownership
        umask = os.umask(0)
        os.umask(umask)

        # Get current user and group information
        groups = os.getgroups()
        run_uid = os.getuid()
        run_gid = os.getgid()
        try:
            run_owner = pwd.getpwuid(run_uid).pw_name
        except:
            run_owner = run_uid
        try:
            run_group = grp.getgrgid(run_gid).gr_name
        except:
            run_group = run_gid

        # Get future user ownership
        fut_owner = fut_uid = None
        if self.file_args['owner']:
            try:
                tpw = pwd.getpwname(self.file_args['owner'])
            except:
                try:
                    tpw = pwd.getpwuid(self.file_args['owner'])
                except:
                    tpw = pwd.getpwuid(run_uid)
            fut_owner = tpw.pw_name
            fut_uid = tpw.pw_uid
        else:
            try:
                fut_owner = run_owner
            except:
                pass
            fut_uid = run_uid

        # Get future group ownership
        fut_group = fut_gid = None
        if self.file_args['group']:
            try:
                tgr = grp.getgrnam(self.file_args['group'])
            except:
                try:
                    tgr = grp.getgrgid(self.file_args['group'])
                except:
                    tgr = grp.getgrgid(run_gid)
            fut_group = tgr.gr_name
            fut_gid = tgr.gr_gid
        else:
            try:
                fut_group = run_group
            except:
                pass
            fut_gid = run_gid

        for line in old_out.splitlines():
            change = False

            pcs = line.split()
            if len(pcs) != 8: continue

            ztype = pcs[0][0]
            permstr = pcs[0][1:10]
            version = pcs[0][1]
            ostype = pcs[0][2]
            size = int(pcs[3])
            path = pcs[7]

            # Skip excluded files
            if path in self.excludes:
                out += 'Path %s is excluded on request\n' % path
                continue

            # Itemized change requires L for symlink
            if path[-1] == '/':
                if ztype != 'd':
                    err += 'Path %s incorrectly tagged as "%s", but is a directory.\n' % (
                        path, ztype)
                ftype = 'd'
            elif ztype == 'l':
                ftype = 'L'
            elif ztype == '-':
                ftype = 'f'
            elif ztype == '?':
                ftype = 'f'

            # Some files may be storing FAT permissions, not Unix permissions
            if len(permstr) == 6:
                if path[-1] == '/':
                    permstr = 'rwxrwxrwx'
                elif permstr == 'rwx---':
                    permstr = 'rwxrwxrwx'
                else:
                    permstr = 'rw-rw-rw-'

            # Test string conformity
            if len(permstr) != 9 or not ZIP_FILE_MODE_RE.match(permstr):
                raise UnarchiveError('ZIP info perm format incorrect, %s' %
                                     permstr)

            # DEBUG
#            err += "%s%s %10d %s\n" % (ztype, permstr, size, path)

            dest = os.path.join(self.dest, path)
            try:
                st = os.lstat(dest)
            except:
                change = True
                self.includes.append(path)
                err += 'Path %s is missing\n' % path
                diff += '>%s++++++.?? %s\n' % (ftype, path)
                continue

            # Compare file types
            if ftype == 'd' and not stat.S_ISDIR(st.st_mode):
                change = True
                self.includes.append(path)
                err += 'File %s already exists, but not as a directory\n' % path
                diff += 'c%s++++++.?? %s\n' % (ftype, path)
                continue

            if ftype == 'f' and not stat.S_ISREG(st.st_mode):
                change = True
                unarchived = False
                self.includes.append(path)
                err += 'Directory %s already exists, but not as a regular file\n' % path
                diff += 'c%s++++++.?? %s\n' % (ftype, path)
                continue

            if ftype == 'L' and not stat.S_ISLNK(st.st_mode):
                change = True
                self.includes.append(path)
                err += 'Directory %s already exists, but not as a symlink\n' % path
                diff += 'c%s++++++.?? %s\n' % (ftype, path)
                continue

            itemized = bytearray('.%s.......??' % ftype)

            dt_object = datetime.datetime(
                *(time.strptime(pcs[6], '%Y%m%d.%H%M%S')[0:6]))
            timestamp = time.mktime(dt_object.timetuple())

            # Compare file timestamps
            if stat.S_ISREG(st.st_mode):
                if self.module.params['keep_newer']:
                    if timestamp > st.st_mtime:
                        change = True
                        self.includes.append(path)
                        err += 'File %s is older, replacing file\n' % path
                        itemized[4] = 't'
                    elif stat.S_ISREG(st.st_mode) and timestamp < st.st_mtime:
                        # Add to excluded files, ignore other changes
                        out += 'File %s is newer, excluding file\n' % path
                        continue
                else:
                    if timestamp != st.st_mtime:
                        change = True
                        self.includes.append(path)
                        err += 'File %s differs in mtime (%f vs %f)\n' % (
                            path, timestamp, st.st_mtime)
                        itemized[4] = 't'

            # Compare file sizes
            if stat.S_ISREG(st.st_mode) and size != st.st_size:
                change = True
                err += 'File %s differs in size (%d vs %d)\n' % (path, size,
                                                                 st.st_size)
                itemized[3] = 's'

            # Compare file checksums
            if stat.S_ISREG(st.st_mode):
                crc = crc32(dest)
                if crc != self._crc32(path):
                    change = True
                    err += 'File %s differs in CRC32 checksum (0x%08x vs 0x%08x)\n' % (
                        path, self._crc32(path), crc)
                    itemized[2] = 'c'

            # Compare file permissions

            # Do not handle permissions of symlinks
            if ftype != 'L':
                # Only special files require no umask-handling
                if ztype == '?':
                    mode = self._permstr_to_octal(permstr, 0)
                else:
                    mode = self._permstr_to_octal(permstr, umask)
                if self.file_args['mode'] and self.file_args[
                        'mode'] != stat.S_IMODE(st.st_mode):
                    change = True
                    err += 'Path %s differs in permissions (%o vs %o)\n' % (
                        path, self.file_args['mode'], stat.S_IMODE(st.st_mode))
                    itemized[5] = 'p'
                elif mode != stat.S_IMODE(st.st_mode):
                    change = True
                    itemized[5] = 'p'
                    err += 'Path %s differs in permissions (%o vs %o)\n' % (
                        path, mode, stat.S_IMODE(st.st_mode))

            # Compare file user ownership
            owner = uid = None
            try:
                owner = pwd.getpwuid(st.st_uid).pw_name
            except:
                uid = st.st_uid

            # If we are not root and requested owner is not our user, fail
            if run_uid != 0 and (fut_owner != run_owner or fut_uid != run_uid):
                raise UnarchiveError(
                    'Cannot change ownership of %s to %s, as user %s' %
                    (path, fut_owner, run_owner))

            if owner and owner != fut_owner:
                change = True
                err += 'Path %s is owned by user %s, not by user %s as expected\n' % (
                    path, owner, fut_owner)
                itemized[6] = 'o'
            elif uid and uid != fut_uid:
                change = True
                err += 'Path %s is owned by uid %s, not by uid %s as expected\n' % (
                    path, uid, fut_uid)
                itemized[6] = 'o'

            # Compare file group ownership
            group = gid = None
            try:
                group = grp.getgrgid(st.st_gid).gr_name
            except:
                gid = st.st_gid

            if run_uid != 0 and fut_gid not in groups:
                raise UnarchiveError(
                    'Cannot change group ownership of %s to %s, as user %s' %
                    (path, fut_group, run_owner))

            if group and group != fut_group:
                change = True
                err += 'Path %s is owned by group %s, not by group %s as expected\n' % (
                    path, group, fut_group)
                itemized[6] = 'g'
            elif gid and gid != fut_gid:
                change = True
                err += 'Path %s is owned by gid %s, not by gid %s as expected\n' % (
                    path, gid, fut_gid)
                itemized[6] = 'g'

            # Register changed files and finalize diff output
            if change:
                if path not in self.includes:
                    self.includes.append(path)
                diff += '%s %s\n' % (itemized, path)

        if self.includes:
            unarchived = False

        # DEBUG
#        out = old_out + out

        return dict(unarchived=unarchived,
                    rc=rc,
                    out=out,
                    err=err,
                    cmd=cmd,
                    diff=diff)
示例#45
0
import os

print(os.getgroups())


示例#46
0
    def _apply_common_rec(self, path, restore_numeric_ids=False):
        if not self.mode:
            raise ApplyError('no metadata - cannot apply to ' + path)

        # FIXME: S_ISDOOR, S_IFMPB, S_IFCMP, S_IFNWK, ... see stat(2).
        # EACCES errors at this stage are fatal for the current path.
        if lutime and stat.S_ISLNK(self.mode):
            try:
                lutime(path, (self.atime, self.mtime))
            except OSError as e:
                if e.errno == errno.EACCES:
                    raise ApplyError('lutime: %s' % e)
                else:
                    raise
        else:
            try:
                utime(path, (self.atime, self.mtime))
            except OSError as e:
                if e.errno == errno.EACCES:
                    raise ApplyError('utime: %s' % e)
                else:
                    raise

        uid = gid = -1  # By default, do nothing.
        if is_superuser():
            uid = self.uid
            gid = self.gid
            if not restore_numeric_ids:
                if self.uid != 0 and self.user:
                    entry = pwd_from_name(self.user)
                    if entry:
                        uid = entry.pw_uid
                if self.gid != 0 and self.group:
                    entry = grp_from_name(self.group)
                    if entry:
                        gid = entry.gr_gid
        else:  # not superuser - only consider changing the group/gid
            user_gids = os.getgroups()
            if self.gid in user_gids:
                gid = self.gid
            if not restore_numeric_ids and self.gid != 0:
                # The grp might not exist on the local system.
                grps = filter(None, [grp_from_gid(x) for x in user_gids])
                if self.group in [x.gr_name for x in grps]:
                    g = grp_from_name(self.group)
                    if g:
                        gid = g.gr_gid

        if uid != -1 or gid != -1:
            try:
                os.lchown(path, uid, gid)
            except OSError as e:
                if e.errno == errno.EPERM:
                    add_error('lchown: %s' % e)
                elif sys.platform.startswith('cygwin') \
                   and e.errno == errno.EINVAL:
                    add_error('lchown: unknown uid/gid (%d/%d) for %s' %
                              (uid, gid, path))
                else:
                    raise

        if _have_lchmod:
            try:
                os.lchmod(path, stat.S_IMODE(self.mode))
            except errno.ENOSYS:  # Function not implemented
                pass
        elif not stat.S_ISLNK(self.mode):
            os.chmod(path, stat.S_IMODE(self.mode))
示例#47
0
    def is_unarchived(self):
        cmd = [ self.cmd_path, '-ZT', '-s', self.src ]
        if self.excludes:
            cmd.extend([ ' -x ', ] + self.excludes)
        rc, out, err = self.module.run_command(cmd)

        old_out = out
        diff = ''
        out = ''
        if rc == 0:
            unarchived = True
        else:
            unarchived = False

        # Get some information related to user/group ownership
        umask = os.umask(0)
        os.umask(umask)

        # Get current user and group information
        groups = os.getgroups()
        run_uid = os.getuid()
        run_gid = os.getgid()
        try:
            run_owner = pwd.getpwuid(run_uid).pw_name
        except:
            run_owner = run_uid
        try:
            run_group = grp.getgrgid(run_gid).gr_name
        except:
            run_group = run_gid

        # Get future user ownership
        fut_owner = fut_uid = None
        if self.file_args['owner']:
            try:
                tpw = pwd.getpwname(self.file_args['owner'])
            except:
                try:
                    tpw = pwd.getpwuid(self.file_args['owner'])
                except:
                    tpw = pwd.getpwuid(run_uid)
            fut_owner = tpw.pw_name
            fut_uid = tpw.pw_uid
        else:
            try:
                fut_owner = run_owner
            except:
                pass
            fut_uid = run_uid

        # Get future group ownership
        fut_group = fut_gid = None
        if self.file_args['group']:
            try:
                tgr = grp.getgrnam(self.file_args['group'])
            except:
                try:
                    tgr = grp.getgrgid(self.file_args['group'])
                except:
                    tgr = grp.getgrgid(run_gid)
            fut_group = tgr.gr_name
            fut_gid = tgr.gr_gid
        else:
            try:
                fut_group = run_group
            except:
                pass
            fut_gid = run_gid

        for line in old_out.splitlines():
            change = False

            pcs = line.split(None, 7)
            if len(pcs) != 8:
                # Too few fields... probably a piece of the header or footer
                continue

            # Check first and seventh field in order to skip header/footer
            if len(pcs[0]) != 7 and len(pcs[0]) != 10:
                continue
            if len(pcs[6]) != 15:
                continue

            # Possible entries:
            #   -rw-rws---  1.9 unx    2802 t- defX 11-Aug-91 13:48 perms.2660
            #   -rw-a--     1.0 hpf    5358 Tl i4:3  4-Dec-91 11:33 longfilename.hpfs
            #   -r--ahs     1.1 fat    4096 b- i4:2 14-Jul-91 12:58 EA DATA. SF
            #   --w-------  1.0 mac   17357 bx i8:2  4-May-92 04:02 unzip.macr
            if pcs[0][0] not in 'dl-?' or not frozenset(pcs[0][1:]).issubset('rwxstah-'):
                continue

            ztype = pcs[0][0]
            permstr = pcs[0][1:]
            version = pcs[1]
            ostype = pcs[2]
            size = int(pcs[3])
            path = to_text(pcs[7], errors='surrogate_or_strict')

            # Skip excluded files
            if path in self.excludes:
                out += 'Path %s is excluded on request\n' % path
                continue

            # Itemized change requires L for symlink
            if path[-1] == '/':
                if ztype != 'd':
                    err += 'Path %s incorrectly tagged as "%s", but is a directory.\n' % (path, ztype)
                ftype = 'd'
            elif ztype == 'l':
                ftype = 'L'
            elif ztype == '-':
                ftype = 'f'
            elif ztype == '?':
                ftype = 'f'

            # Some files may be storing FAT permissions, not Unix permissions
            if len(permstr) == 6:
                if path[-1] == '/':
                    permstr = 'rwxrwxrwx'
                elif permstr == 'rwx---':
                    permstr = 'rwxrwxrwx'
                else:
                    permstr = 'rw-rw-rw-'

            # Test string conformity
            if len(permstr) != 9 or not ZIP_FILE_MODE_RE.match(permstr):
                raise UnarchiveError('ZIP info perm format incorrect, %s' % permstr)

            # DEBUG
#            err += "%s%s %10d %s\n" % (ztype, permstr, size, path)

            dest = os.path.join(self.dest, path)
            try:
                st = os.lstat(dest)
            except:
                change = True
                self.includes.append(path)
                err += 'Path %s is missing\n' % path
                diff += '>%s++++++.?? %s\n' % (ftype, path)
                continue

            # Compare file types
            if ftype == 'd' and not stat.S_ISDIR(st.st_mode):
                change = True
                self.includes.append(path)
                err += 'File %s already exists, but not as a directory\n' % path
                diff += 'c%s++++++.?? %s\n' % (ftype, path)
                continue

            if ftype == 'f' and not stat.S_ISREG(st.st_mode):
                change = True
                unarchived = False
                self.includes.append(path)
                err += 'Directory %s already exists, but not as a regular file\n' % path
                diff += 'c%s++++++.?? %s\n' % (ftype, path)
                continue

            if ftype == 'L' and not stat.S_ISLNK(st.st_mode):
                change = True
                self.includes.append(path)
                err += 'Directory %s already exists, but not as a symlink\n' % path
                diff += 'c%s++++++.?? %s\n' % (ftype, path)
                continue

            itemized = list('.%s.......??' % ftype)

            # Note: this timestamp calculation has a rounding error
            # somewhere... unzip and this timestamp can be one second off
            # When that happens, we report a change and re-unzip the file
            dt_object = datetime.datetime(*(time.strptime(pcs[6], '%Y%m%d.%H%M%S')[0:6]))
            timestamp = time.mktime(dt_object.timetuple())

            # Compare file timestamps
            if stat.S_ISREG(st.st_mode):
                if self.module.params['keep_newer']:
                    if timestamp > st.st_mtime:
                        change = True
                        self.includes.append(path)
                        err += 'File %s is older, replacing file\n' % path
                        itemized[4] = 't'
                    elif stat.S_ISREG(st.st_mode) and timestamp < st.st_mtime:
                        # Add to excluded files, ignore other changes
                        out += 'File %s is newer, excluding file\n' % path
                        self.excludes.append(path)
                        continue
                else:
                    if timestamp != st.st_mtime:
                        change = True
                        self.includes.append(path)
                        err += 'File %s differs in mtime (%f vs %f)\n' % (path, timestamp, st.st_mtime)
                        itemized[4] = 't'

            # Compare file sizes
            if stat.S_ISREG(st.st_mode) and size != st.st_size:
                change = True
                err += 'File %s differs in size (%d vs %d)\n' % (path, size, st.st_size)
                itemized[3] = 's'

            # Compare file checksums
            if stat.S_ISREG(st.st_mode):
                crc = crc32(dest)
                if crc != self._crc32(path):
                    change = True
                    err += 'File %s differs in CRC32 checksum (0x%08x vs 0x%08x)\n' % (path, self._crc32(path), crc)
                    itemized[2] = 'c'

            # Compare file permissions

            # Do not handle permissions of symlinks
            if ftype != 'L':

                # Use the new mode provided with the action, if there is one
                if self.file_args['mode']:
                    if isinstance(self.file_args['mode'], int):
                        mode = self.file_args['mode']
                    else:
                        try:
                            mode = int(self.file_args['mode'], 8)
                        except Exception:
                            e = get_exception()
                            self.module.fail_json(path=path, msg="mode %(mode)s must be in octal form" % self.file_args, details=str(e))
                # Only special files require no umask-handling
                elif ztype == '?':
                    mode = self._permstr_to_octal(permstr, 0)
                else:
                    mode = self._permstr_to_octal(permstr, umask)

                if mode != stat.S_IMODE(st.st_mode):
                    change = True
                    itemized[5] = 'p'
                    err += 'Path %s differs in permissions (%o vs %o)\n' % (path, mode, stat.S_IMODE(st.st_mode))

            # Compare file user ownership
            owner = uid = None
            try:
                owner = pwd.getpwuid(st.st_uid).pw_name
            except:
                uid = st.st_uid

            # If we are not root and requested owner is not our user, fail
            if run_uid != 0 and (fut_owner != run_owner or fut_uid != run_uid):
                raise UnarchiveError('Cannot change ownership of %s to %s, as user %s' % (path, fut_owner, run_owner))

            if owner and owner != fut_owner:
                change = True
                err += 'Path %s is owned by user %s, not by user %s as expected\n' % (path, owner, fut_owner)
                itemized[6] = 'o'
            elif uid and uid != fut_uid:
                change = True
                err += 'Path %s is owned by uid %s, not by uid %s as expected\n' % (path, uid, fut_uid)
                itemized[6] = 'o'

            # Compare file group ownership
            group = gid = None
            try:
                group = grp.getgrgid(st.st_gid).gr_name
            except:
                gid = st.st_gid

            if run_uid != 0 and fut_gid not in groups:
                raise UnarchiveError('Cannot change group ownership of %s to %s, as user %s' % (path, fut_group, run_owner))

            if group and group != fut_group:
                change = True
                err += 'Path %s is owned by group %s, not by group %s as expected\n' % (path, group, fut_group)
                itemized[6] = 'g'
            elif gid and gid != fut_gid:
                change = True
                err += 'Path %s is owned by gid %s, not by gid %s as expected\n' % (path, gid, fut_gid)
                itemized[6] = 'g'

            # Register changed files and finalize diff output
            if change:
                if path not in self.includes:
                    self.includes.append(path)
                diff += '%s %s\n' % (''.join(itemized), path)

        if self.includes:
            unarchived = False

        # DEBUG
#        out = old_out + out

        return dict(unarchived=unarchived, rc=rc, out=out, err=err, cmd=cmd, diff=diff)
示例#48
0
 def gid(self):
     grps = os.getgroups()
     if os_data.portage_gid in grps:
         return os_data.portage_gid
     return grps[0]
示例#49
0
def get_group(user_id):
    groups = sorted(os.getgroups())
    if user_id in groups:
        return user_id
    else:
        return groups[len(groups) - 1]
示例#50
0
BYPASS_GPG = os.environ.get("BYPASS_GPG", "").lower() == "true"
ENV_EGG = os.environ.get("EGG")
NEW_EGG = "/var/lib/insights/newest.egg"
STABLE_EGG = "/var/lib/insights/last_stable.egg"
RPM_EGG = "/etc/insights-client/rpm.egg"
EGGS = [ENV_EGG, NEW_EGG, STABLE_EGG, RPM_EGG]

logger = logging.getLogger(__name__)

# handle user/group permissions
try:
    insights_uid = pwd.getpwnam("insights").pw_uid
    insights_gid = pwd.getpwnam("insights").pw_gid
    insights_grpid = grp.getgrnam("insights").gr_gid
    curr_user_grps = os.getgroups()
except:
    insights_uid = insights_gid = insights_grpid = None


def log(msg):
    print(msg, file=sys.stderr)


def demote(uid, gid, run_as_root):
    if (run_as_root):
        return None
    if os.geteuid() == 0:
        def result():
            os.setgid(gid)
            os.setuid(uid)
示例#51
0
def collect_os(info_add):
    import os

    def format_attr(attr, value):
        if attr in ('supports_follow_symlinks', 'supports_fd',
                    'supports_effective_ids'):
            return str(sorted(func.__name__ for func in value))
        else:
            return value

    attributes = (
        'name',
        'supports_bytes_environ',
        'supports_effective_ids',
        'supports_fd',
        'supports_follow_symlinks',
    )
    copy_attributes(info_add, os, 'os.%s', attributes, formatter=format_attr)

    info_add("os.cwd", os.getcwd())

    call_func(info_add, 'os.uid', os, 'getuid')
    call_func(info_add, 'os.gid', os, 'getgid')
    call_func(info_add, 'os.uname', os, 'uname')

    if hasattr(os, 'getgroups'):
        groups = os.getgroups()
        groups = map(str, groups)
        groups = ', '.join(groups)
        info_add("os.groups", groups)

    if hasattr(os, 'getlogin'):
        try:
            login = os.getlogin()
        except OSError:
            # getlogin() fails with "OSError: [Errno 25] Inappropriate ioctl
            # for device" on Travis CI
            pass
        else:
            info_add("os.login", login)

    if hasattr(os, 'cpu_count'):
        cpu_count = os.cpu_count()
        if cpu_count:
            info_add('os.cpu_count', cpu_count)

    call_func(info_add, 'os.loadavg', os, 'getloadavg')

    # Get environment variables: filter to list
    # to not leak sensitive information
    ENV_VARS = (
        "CC",
        "COMSPEC",
        "DISPLAY",
        "DISTUTILS_USE_SDK",
        "DYLD_LIBRARY_PATH",
        "HOME",
        "HOMEDRIVE",
        "HOMEPATH",
        "LANG",
        "LD_LIBRARY_PATH",
        "MACOSX_DEPLOYMENT_TARGET",
        "MAKEFLAGS",
        "MSSDK",
        "PATH",
        "SDK_TOOLS_BIN",
        "SHELL",
        "TEMP",
        "TERM",
        "TMP",
        "TMPDIR",
        "USERPROFILE",
        "WAYLAND_DISPLAY",
    )
    for name, value in os.environ.items():
        uname = name.upper()
        if (uname in ENV_VARS or uname.startswith(("PYTHON", "LC_"))
                # Visual Studio: VS140COMNTOOLS
                or (uname.startswith("VS") and uname.endswith("COMNTOOLS"))):
            info_add('os.environ[%s]' % name, value)

    if hasattr(os, 'umask'):
        mask = os.umask(0)
        os.umask(mask)
        info_add("os.umask", '%03o' % mask)

    if hasattr(os, 'getrandom'):
        # PEP 524: Check if system urandom is initialized
        try:
            os.getrandom(1, os.GRND_NONBLOCK)
            state = 'ready (initialized)'
        except BlockingIOError as exc:
            state = 'not seeded yet (%s)' % exc
        info_add('os.getrandom', state)
示例#52
0
def become_user(user, requested_groups, config, LOG: Log):
    """
    Change the process' identity (real and effective) to a user's (if
    process was started with sufficient privileges to allow this,
    does nothing otherwise)
    Arguments:
      user = Name of the user
      requested_groups = list of group names
      config - configuration
      LOG - logger

    Returns: True if successful, an error string otherwise

    Side effects: modifies the ENV array, setting values for USER, LOGNAME and
    HOME
    """

    euid = config['uftpd.effective_uid']
    setting_uids = config['uftpd.switch_uid']
    user_cache = config['uftpd.user_cache']
    fail_on_invalid_gids = config.get('uftpd.fail_on_invalid_gids', True)
    primary = requested_groups[0]

    if not setting_uids:
        if euid == 0:
            # make sure to prevent running things as root
            return "Running as root and not setting uids --- this is not " \
                   "allowed. Please check your UFTPD installation!"
        else:
            return True

    new_uid = user_cache.get_uid_4user(user)

    if new_uid == -1:
        return "Attempted to select unknown user '%s'" % user

    if new_uid == 0:
        return "Attempted to select 'root'"

    # Do project (group) mapping, new_gid stores a new primary gid,
    # new_gids stores the new_gid and all supplementary gids (numbers)

    if primary == "NONE":
        # Nothing selected by user, use system defaults
        new_gid = user_cache.get_gid_4user(user)
        new_gids = user_cache.get_gids_4user(user)
    else:
        try:
            new_gid = get_primary_group(primary, user, user_cache,
                                        fail_on_invalid_gids, config, LOG)
            new_gids = get_supplementary_groups(requested_groups, new_gid,
                                                user, config, LOG)
        except RuntimeError as err:
            return str(err)

    # Change identity/ drop privileges
    #
    # Impl note: yes, the primary gid will appear twice in the list, however
    # when there is no supplementary groups and only one gid (the primary gid)
    # was given then the function would result in leaving the current
    # process supplementary groups (i.e. root's). So don't change it!
    LOG.debug("Groups: primary %s supplementary %s" % (new_gid, new_gids))
    os.setgid(new_gid)
    os.setgroups(new_gids)
    os.setegid(new_gid)
    os.setresuid(new_uid, new_uid, new_uid)

    # TODO: potential refactoring here
    if os.getuid() != new_uid:
        return "Could not set UFTPD identity (real) to %s %s" % (user, new_uid)

    if os.geteuid() != new_uid:
        return "Could not set UFTPD identity (effective) to %s %s" % (user,
                                                                      new_uid)

    if os.getgid() != new_gid:
        return "Could not set UFTPD identity (group real) to %s %s" % (user,
                                                                       new_gid)

    if os.getgid() != new_gid:
        return "Could not set UFTPD identity (group real) to %s %s" % (user,
                                                                       new_gid)

    if os.getegid() != new_gid:
        return "Could not set UFTPD identity (group effective) to %s %s" % (
            user, new_gid)

    set_groups = set(os.getgroups())
    if set_groups != set(new_gids):
        return "Could not set UFTPD identity (supplementary groups) to %s %s, " \
               "got %s" % (user, new_gids, set_groups)

    # set environment
    os.environ['HOME'] = user_cache.get_home_4user(user)
    os.environ['USER'] = user
    os.environ['LOGNAME'] = user

    return True
示例#53
0
    def __init__(self):

        self.orig_uid = os.getuid()
        self.orig_gid = os.getgid()
        self.orig_groups = os.getgroups()
示例#54
0
conn_bufsize = 393216

# This is used in the CacheCollatedPostProcess and MiscIterToFile
# classes.  The number represents the number of rpaths which may be
# stuck in buffers when moving over a remote connection.
pipeline_max_length = 500

# True if script is running as a server
server = None

# uid and gid of the owner of the rdiff-backup process.  This can
# vary depending on the connection.
try:
    process_uid = os.getuid()
    process_gid = os.getgid()
    process_groups = [process_gid] + os.getgroups()
except AttributeError:
    process_uid = 0
    process_gid = 0
    process_groups = [0]

# If true, when copying attributes, also change target's uid/gid
change_ownership = None

# If true, change the permissions of unwriteable mirror files
# (such as directories) so that they can be written, and then
# change them back.  This defaults to 1 just in case the process
# is not running as root (root doesn't need to change
# permissions).
change_mirror_perms = (process_uid != 0)
示例#55
0
def become(user):
    try:
        userinfo = pwd.getpwuid(int(user))
    except:
        try:
            userinfo = pwd.getpwnam(user)
        except:
            raise ValueError('User {} not found'.format(user))

    if os.geteuid() == userinfo.pw_uid:
        return

    sys._SAVED_UID = os.geteuid()
    sys._SAVED_GID = os.getegid()
    sys._SAVED_GROUPS = os.getgroups()
    sys._SAVED_CWD = os.getcwdu()
    sys._SAVED_ENV = os.environ.copy()

    os.initgroups(userinfo.pw_name, userinfo.pw_gid)
    os.setegid(userinfo.pw_gid)
    os.seteuid(userinfo.pw_uid)

    os.environ['HOME'] = userinfo.pw_dir
    os.environ['USER'] = userinfo.pw_name
    os.environ['LOGNAME'] = userinfo.pw_name
    os.environ['SHELL'] = userinfo.pw_shell
    os.environ['XAUTHORITY'] = os.path.join(userinfo.pw_dir, '.Xauthority')

    user_dbus_socket = os.path.join('/', 'var', 'run', 'user',
                                    str(userinfo.pw_uid), 'dbus',
                                    'user_bus_socket')

    if os.path.exists(user_dbus_socket):
        os.environ[
            'DBUS_SESSION_BUS_ADDRESS'] = 'unix:path=' + user_dbus_socket
    elif 'DBUS_SESSION_BUS_ADDRESS' in os.environ:
        del os.environ['DBUS_SESSION_BUS_ADDRESS']

    for var in os.environ.keys():
        if var.startswith(('XDG_', 'GDM', 'DESKTOP_')):
            del os.environ[var]

    if 'PATH' in os.environ:
        os.environ['PATH'] += ':'.join([
            os.path.join(userinfo.pw_dir, '.local', 'bin'),
            os.path.join(userinfo.pw_dir, 'bin')
        ])

    try:
        os.chdir(userinfo.pw_dir)
    except:
        pass

    try:
        for line in subprocess.check_output([
                userinfo.pw_shell, '-c', '; '.join([
                    '[ -f /etc/profile ] && source /etc/profile >/dev/null 2>/dev/null',
                    '[ -f ~/.profile ] && source ~/.profile >/dev/null 2>/dev/null',
                    'printenv'
                ])
        ]).split('\n'):
            if line and '=' in line:
                k, v = line.split('=', 1)
                os.environ[k] = v
    except:
        pass
示例#56
0
def chugid(runas, group=None):
    '''
    Change the current process to belong to the specified user (and the groups
    to which it belongs)
    '''
    uinfo = pwd.getpwnam(runas)
    supgroups = []
    supgroups_seen = set()

    if group:
        try:
            target_pw_gid = grp.getgrnam(group).gr_gid
        except KeyError as err:
            raise CommandExecutionError(
                'Failed to fetch the GID for {0}. Error: {1}'.format(
                    group, err
                )
            )
    else:
        target_pw_gid = uinfo.pw_gid

    # The line below used to exclude the current user's primary gid.
    # However, when root belongs to more than one group
    # this causes root's primary group of '0' to be dropped from
    # his grouplist.  On FreeBSD, at least, this makes some
    # command executions fail with 'access denied'.
    #
    # The Python documentation says that os.setgroups sets only
    # the supplemental groups for a running process.  On FreeBSD
    # this does not appear to be strictly true.
    group_list = get_group_dict(runas, include_default=True)
    if sys.platform == 'darwin':
        group_list = dict((k, v) for k, v in six.iteritems(group_list)
                          if not k.startswith('_'))
    for group_name in group_list:
        gid = group_list[group_name]
        if (gid not in supgroups_seen
           and not supgroups_seen.add(gid)):
            supgroups.append(gid)

    if os.getgid() != target_pw_gid:
        try:
            os.setgid(target_pw_gid)
        except OSError as err:
            raise CommandExecutionError(
                'Failed to change from gid {0} to {1}. Error: {2}'.format(
                    os.getgid(), target_pw_gid, err
                )
            )

    # Set supplemental groups
    if sorted(os.getgroups()) != sorted(supgroups):
        try:
            os.setgroups(supgroups)
        except OSError as err:
            raise CommandExecutionError(
                'Failed to set supplemental groups to {0}. Error: {1}'.format(
                    supgroups, err
                )
            )

    if os.getuid() != uinfo.pw_uid:
        try:
            os.setuid(uinfo.pw_uid)
        except OSError as err:
            raise CommandExecutionError(
                'Failed to change from uid {0} to {1}. Error: {2}'.format(
                    os.getuid(), uinfo.pw_uid, err
                )
            )
示例#57
0
文件: metadata.py 项目: vo-va/bup
        uid = gid = -1  # By default, do nothing.
        if is_superuser():
            uid = self.uid
            gid = self.gid
            if not restore_numeric_ids:
                if self.uid != 0 and self.user:
                    entry = pwd_from_name(self.user)
                    if entry:
                        uid = entry.pw_uid
                if self.gid != 0 and self.group:
                    entry = grp_from_name(self.group)
                    if entry:
                        gid = entry.gr_gid
        else:  # not superuser - only consider changing the group/gid
            user_gids = os.getgroups()
            if self.gid in user_gids:
                gid = self.gid
            if not restore_numeric_ids and self.gid != 0:
                # The grp might not exist on the local system.
                grps = filter(None, [grp_from_gid(x) for x in user_gids])
                if self.group in [x.gr_name for x in grps]:
                    g = grp_from_name(self.group)
                    if g:
                        gid = g.gr_gid

        if uid != -1 or gid != -1:
            try:
                os.lchown(path, uid, gid)
            except OSError, e:
                if e.errno == errno.EPERM:
示例#58
0
def get_user_group():
    import os
    ugroup = os.getgroups()
    return ugroup
# -*- coding: utf-8 -*-
# @Author: Kajol.Patira
# @Date:   2021-01-04 19:04:37
# @Last Modified by:   Kajol.Patira
# @Last Modified time: 2021-01-04 21:11:39
# @Title: Program to get the effective group id, effective user id, real group id, a list of supplemental group ids associated with the current process.

import os
# Every process group is uniquely identified using process group id.
print("\nEffective group id: ", os.getegid())
print("Effective user id: ", os.geteuid())
print("Real group id: ", os.getgid())
print("List of supplemental group ids: ", os.getgroups())
print()
示例#60
0
# -*- coding: utf-8 -*-

import pwd
import os
import sys
import subprocess

if not hasattr(sys, '_BECOME_INITIALIZED'):
    sys._SAVED_UID = os.getuid()
    sys._SAVED_GID = os.getgid()
    sys._SAVED_GROUPS = os.getgroups()
    sys._SAVED_CWD = os.getcwdu()
    sys._SAVED_ENV = os.environ.copy()
    sys._BECOME_INITIALIZED = True


def become(user):
    try:
        userinfo = pwd.getpwuid(int(user))
    except:
        try:
            userinfo = pwd.getpwnam(user)
        except:
            raise ValueError('User {} not found'.format(user))

    if os.geteuid() == userinfo.pw_uid:
        return

    sys._SAVED_UID = os.geteuid()
    sys._SAVED_GID = os.getegid()
    sys._SAVED_GROUPS = os.getgroups()