def test_executeAsUser_Unix(self):
"""
Test executing as a different user.
"""
initial_uid, initial_gid = os.geteuid(), os.getegid()
initial_groups = os.getgroups()
test_user = mk.getTestUser(u'normal')
self.assertNotEqual(
sorted(self.getGroupsIDForTestAccount()),
sorted(os.getgroups()),
)
with system_users.executeAsUser(username=test_user.name):
import pwd
import grp
uid, gid = os.geteuid(), os.getegid()
impersonated_username = pwd.getpwuid(uid)[0].decode('utf-8')
impersonated_groupname = grp.getgrgid(gid)[0].decode('utf-8')
impersonated_groups = os.getgroups()
self.assertEqual(test_user.name, impersonated_username)
self.assertEqual(TEST_ACCOUNT_GROUP, impersonated_groupname)
self.assertNotEqual(initial_uid, uid)
self.assertNotEqual(initial_gid, gid)
self.assertNotEqual(initial_groups, impersonated_groups)
if self.os_name != 'osx':
# On OSX newer than 10.5 get/set groups are useless.
self.assertEqual(
sorted(self.getGroupsIDForTestAccount()),
sorted(impersonated_groups),
)
self.assertEqual(initial_uid, os.geteuid())
self.assertEqual(initial_gid, os.getegid())
self.assertEqual(initial_groups, os.getgroups())
def test_unequal(self):
old_sups = os.getgroups()
sups = [ 1, 2, 3 ]
if os.geteuid() == 0:
set_sups(sups)
self.assert_(eql_sups(os.getgroups(), sups))
# Clean up by resetting supplementary groups
set_sups(old_sups)
else:
self.assertRaises(OSError, set_sups, sups)
def run_as_root(argv, gain_root=''):
if not gain_root and which('pkexec') is not None:
# Use pkexec if possible. It has desktop integration, and will
# prompt for the user's password if they are administratively
# privileged (a member of group sudo), or root's password
# otherwise.
gain_root = 'pkexec'
if not gain_root and which('sudo') is not None:
# Use sudo as the next choice after pkexec, but only if we're in
# a group that should be able to use it.
try:
sudo_group = grp.getgrnam('sudo')
except KeyError:
pass
else:
if sudo_group.gr_gid in os.getgroups():
gain_root = 'sudo'
# If we are in the admin group, also use sudo, but only
# if this looks like Ubuntu. We use dpkg-vendor at build time
# to detect Ubuntu derivatives.
try:
admin_group = grp.getgrnam('admin')
except KeyError:
pass
else:
if (admin_group.gr_gid in os.getgroups() and
os.path.exists(os.path.join(DATADIR,
'is-ubuntu-derived'))):
gain_root = 'sudo'
if not gain_root:
# Use su if we don't have anything better.
gain_root = 'su'
if gain_root not in ('su', 'pkexec' ,'sudo', 'super', 'really'):
logger.warning(('Unknown privilege escalation method %r, assuming ' +
'it works like sudo') % gain_root)
if gain_root == 'su':
print('using su to obtain root privileges and install the package(s)')
# su expects a single sh(1) command-line
cmd = ' '.join([shlex.quote(arg) for arg in argv])
subprocess.call(['su', '-c', cmd])
else:
# this code path works for pkexec, sudo, super, really;
# we assume everything else is the same
print('using %s to obtain root privileges and install the package(s)' %
gain_root)
subprocess.call([gain_root] + list(argv))
def test_rsync_set_group(self):
"""Test setting the group membership on rsync'd files
"""
root = tempfile.mkdtemp(prefix="rsync_test_set_group_")
avail_groups = os.getgroups()
exp_group = grp.getgrgid(avail_groups[random.randint(1, len(avail_groups)) - 1])[0]
# Create some files to move
to_copy = self._create_test_files(root)
# Run rsync
with open(os.devnull, "w") as f:
old_stdout = sys.stdout
sys.stdout = f
rsync_files(to_copy, sys.stdout, exp_group, False)
sys.stdout = old_stdout
# Verify the copy process set the correct group on created directories
for ddir in set([d[1] for d in to_copy]):
gid = os.stat(ddir).st_gid
obs_group = grp.getgrgid(gid)[0]
self.assertEqual(
obs_group, exp_group, "Failed to set group '{}' on directory. Group is {}".format(exp_group, obs_group)
)
# Verify the copy process set the correct group
for src, ddir, dname in to_copy:
dfile = os.path.join(ddir, dname)
gid = os.stat(dfile).st_gid
obs_group = grp.getgrgid(gid)[0]
self.assertEqual(
obs_group, exp_group, "Failed to set group '{}' on file. Group is {}".format(exp_group, obs_group)
)
def _firstmissinggroup(groupnames):
usergids = set(os.getgroups())
for name in groupnames:
expectedgid = _grpname2gid(name)
# ignore unknown groups
if expectedgid is not None and expectedgid not in usergids:
return name
def get_os_internals():
os_internals = []
if hasattr(os, 'getcwd'):
os_internals.append(("Current Working Directory", os.getcwd()))
if hasattr(os, 'getegid'):
os_internals.append(("Effective Group ID", os.getegid()))
if hasattr(os, 'geteuid'):
os_internals.append(("Effective User ID", os.geteuid()))
if hasattr(os, 'getgid'):
os_internals.append(("Group ID", os.getgid()))
if hasattr(os, 'getuid'):
os_internals.append(("User ID", os.getuid()))
if hasattr(os, 'getgroups'):
os_internals.append(
("Group Membership", ', '.join(map(str, os.getgroups()))))
if hasattr(os, 'linesep'):
os_internals.append(("Line Seperator", repr(os.linesep)[1:-1]))
if hasattr(os, 'pathsep'):
os_internals.append(("Path Seperator", os.pathsep))
if hasattr(os, 'getloadavg'):
os_internals.append(("Load Avarage",
', '.join(map(lambda x: str(round(x, 2)), os.getloadavg()))))
return os_internals
def show_user_info():
print 'User (actual/effective) : %d / %d' % \
(os.getuid(), os.geteuid())
print 'Group (actual/effective) : %d / %d' % \
(os.getgid(), os.getegid())
print 'Actual Groups :', os.getgroups()
return
def is_writable(path):
# Ensure that it exists.
if not os.path.exists(path):
return False
# If we're on a posix system, check its permissions.
if hasattr(os, 'getuid'):
statdata = os.stat(path)
perm = stat.S_IMODE(statdata.st_mode)
# is it world-writable?
if (perm & 0o002):
return True
# do we own it?
elif statdata.st_uid == os.getuid() and (perm & 0o200):
return True
# are we in a group that can write to it?
elif (statdata.st_gid in [os.getgid()] + os.getgroups()) \
and (perm & 0o020):
return True
# otherwise, we can't write to it.
else:
return False
# Otherwise, we'll assume it's writable.
# [xx] should we do other checks on other platforms?
return True
def _runAsUser(self, f, *args, **kw):
euid = os.geteuid()
egid = os.getegid()
groups = os.getgroups()[:16]
uid, gid = self.getUserGroupId()
os.setegid(0)
os.seteuid(0)
os.setgroups(self.getOtherGroups())
os.setegid(gid)
os.seteuid(uid)
try:
f = iter(f)
except TypeError:
f = [(f, args, kw)]
try:
for i in f:
func = i[0]
args = len(i)>1 and i[1] or ()
kw = len(i)>2 and i[2] or {}
r = func(*args, **kw)
finally:
os.setegid(0)
os.seteuid(0)
os.setgroups(groups)
os.setegid(egid)
os.seteuid(euid)
return r
def test_chown_lchown_group(self):
"""user should be able to change group of file/link"""
## setup part 1, find two user group ids we can use
gids = os.getgroups()
if len(gids)<2:
raise SkipTest("need to be member of at least two groups to run this test")
## setup, part 2 - create a file and a link
file = self._create_file(u'chown_test_file1')
link = self.path.child('chown_test_link1')
file.symlink(link)
## helper function - check that file has gid0 and link has
## gid1 or opposite
def _chk_grps(reverse=0):
eq(file.stat().st_gid, gids[reverse])
eq(link.stat().st_gid, gids[reverse])
eq(link.lstat().st_gid, gids[not reverse])
uid = os.geteuid()
## setting file to gid0 and link to gid1
file.lchown(uid, gids[0])
link.lchown(uid, gids[1])
_chk_grps()
## reversing
file.chown(uid, gids[1])
link.lchown(uid, gids[0])
_chk_grps(1)
## setting link to gid0 and file to gid1
link.chown(uid, gids[0])
link.lchown(uid, gids[1])
_chk_grps(0)
def effectively_readable(path):
import os, stat
uid = os.getuid()
euid = os.geteuid()
gid = os.getgid()
egid = os.getegid()
# This is probably true most of the time, so just let os.access()
# handle it. Avoids potential bugs in the rest of this function.
if uid == euid and gid == egid:
return os.access(path, os.R_OK)
st = os.stat(path)
# This may be wrong depending on the semantics of your OS.
# i.e. if the file is -------r--, does the owner have access or not?
if st.st_uid == euid:
return st.st_mode & stat.S_IRUSR != 0
# See comment for UID check above.
groups = os.getgroups()
if st.st_gid == egid or st.st_gid in groups:
return st.st_mode & stat.S_IRGRP != 0
return st.st_mode & stat.S_IROTH != 0
def __enter__(self):
if self.uid:
self.saved_uid = os.geteuid()
self.saved_groups = os.getgroups()
if self.uid:
os.setgroups(self.saved_groups + [AID_INET])
os.seteuid(self.uid)
def _get_non_member_group(self):
"""Get a group tuple that this user is not a member of."""
user_groups = set(os.getgroups())
for group in grp.getgrall():
if group.gr_gid not in user_groups:
return group
self.skipTest('no usable groups found')
def get_config(self):
""" Load default, group and user configuation. Then merge them all.
The loadpriority is done in the following order:
1- User section
2- Group section
3- Default section
"""
self.config.read(self.conf['configfile'])
self.user = getuser()
self.conf_raw = {}
# get 'default' configuration if any
self.get_config_sub('default')
# get groups configuration if any.
# for each group the user belongs to, check if specific configuration \
# exists. The primary group has the highest priority.
grplist = os.getgroups()
grplist.reverse()
for gid in grplist:
try:
grpname = grp.getgrgid(gid)[0]
section = 'grp:' + grpname
self.get_config_sub(section)
except KeyError:
pass
# get user configuration if any
self.get_config_sub(self.user)
def test_os_setgroups(self):
os = self.posix
raises(TypeError, os.setgroups, [2, 5, "hello"])
try:
os.setgroups(os.getgroups())
except OSError:
pass
def setUp(self):
self.metadata = obnamlib.Metadata()
self.metadata.st_atime_sec = 12765
self.metadata.st_atime_nsec = 0
self.metadata.st_mode = 42 | stat.S_IFREG
self.metadata.st_mtime_sec = 10**9
self.metadata.st_mtime_nsec = 0
# make sure the uid/gid magic numbers aren't the current users
self.metadata.st_uid = os.getuid() + 1234
self.metadata.st_gid = 5678
while self.metadata.st_gid in os.getgroups():
self.metadata.st_gid += 1
fd, self.filename = tempfile.mkstemp()
os.close(fd)
# On some systems (e.g. FreeBSD) /tmp is apparently setgid and
# default gid of files is therefore not the user's gid.
os.chown(self.filename, os.getuid(), os.getgid())
self.fs = obnamlib.LocalFS('/')
self.fs.connect()
self.uid_set = None
self.gid_set = None
self.fs.lchown = self.fake_lchown
obnamlib.set_metadata(self.fs, self.filename, self.metadata)
self.st = os.stat(self.filename)
def check_filesystem_permissions(self):
import grp
grname = self.globalconf.root.jurt_group
logger.debug("checking if the user is a member of the %s group" %
(grname))
try:
group = grp.getgrnam(grname)
except KeyError:
raise SetupError, ("there is no system group '%s', please check "
"your jurt installation (and see jurt-setup)" %
(grname))
uname, uid = su.my_username()
if uname not in group.gr_mem:
raise PermissionError, ("your user %s should be member of the "
"%s group in order to jurt work. Did you run (as root) "
"jurt-setup -u %s ?" % (uname, grname, uname))
if group.gr_gid not in os.getgroups():
raise PermissionError, ("your user is NOT effectively running as a "
"member of the %s group, please restart your session "
"before running jurt" % (grname))
sticky = [self.targetconf.roots_path, self.targetconf.spool_dir,
self.targetconf.logs_dir, self.targetconf.failure_dir,
self.targetconf.success_dir]
for path in sticky:
logger.debug("checking write permission for %s" % (path))
if not os.access(path, os.W_OK):
raise PermissionError, ("%s has no write permission for "
"you, please check your jurt installation" %
(path))
def _readconf(self):
apt_pkg.init()
self.Cnf = apt_pkg.Configuration()
apt_pkg.read_config_file_isc(self.Cnf, which_conf_file())
# Check whether our dak.conf was the real one or
# just a pointer to our main one
res = socket.gethostbyaddr(socket.gethostname())
conffile = self.Cnf.get("Config::" + res[0] + "::DakConfig")
if conffile:
apt_pkg.read_config_file_isc(self.Cnf, conffile)
# Read group-specific options
if 'ByGroup' in self.Cnf:
bygroup = self.Cnf.subtree('ByGroup')
groups = set([os.getgid()])
groups.update(os.getgroups())
for group in bygroup.list():
gid = grp.getgrnam(group).gr_gid
if gid in groups:
if bygroup.get(group):
apt_pkg.read_config_file_isc(self.Cnf, bygroup[group])
break
# Rebind some functions
# TODO: Clean this up
self.get = self.Cnf.get
self.subtree = self.Cnf.subtree
self.value_list = self.Cnf.value_list
self.find = self.Cnf.find
self.find_b = self.Cnf.find_b
self.find_i = self.Cnf.find_i
def __init__(self, buildopts, koji_obj):
self.buildopts = buildopts
self.koji_obj = koji_obj
cfg_path = self._init_get_cfg_path()
self.mock_cmd = ['mock']
if cfg_path:
cfg_abspath = os.path.abspath(cfg_path)
cfg_abspath_no_ext = re.sub(r'\.cfg$', '', cfg_abspath)
self.cfg_name = os.path.basename(cfg_abspath_no_ext)
if not os.path.isfile(cfg_abspath):
raise MockError("Couldn't find mock config file at " + cfg_abspath)
# The cfg file passed to mock is always relative to /etc/mock
self.mock_cmd += ['-r', "../../" + cfg_abspath_no_ext]
else:
self.cfg_name = None
self.target_arch = buildopts['target_arch']
try:
mock_gid = grp.getgrnam('mock').gr_gid
except KeyError:
raise MockError("The mock group does not exist on this system!")
if mock_gid not in os.getgroups():
raise MockError(
"""You are not able to do a mock build on this machine because you are not in the mock group.
/etc/group must be edited and your username must be added to the mock group.
You might need to log out and log in for the changes to take effect""")
def which(file, path=None):
"""
Does what which(1) does: searches the PATH in order for a given file name
and returns the full path to first match.
"""
if not path:
path = os.getenv("PATH")
for p in path.split(":"):
fullpath = os.path.join(p, file)
try:
st = os.stat(fullpath)
except OSError:
continue
if sys.platform == 'win32':
return fullpath
# On non-Windows, ensure the file is both executable and accessible to
# the user.
if os.geteuid() == st[stat.ST_UID]:
mask = stat.S_IXUSR
elif st[stat.ST_GID] in os.getgroups():
mask = stat.S_IXGRP
else:
mask = stat.S_IXOTH
if stat.S_IMODE(st[stat.ST_MODE]) & mask:
return fullpath
return None
def which(file, path = None):
"""
Does what which(1) does: searches the PATH for a given file
name and returns a list of matches.
"""
if not path:
path = os.getenv("PATH")
for p in path.split(":"):
fullpath = os.path.join(p, file)
try:
st = os.stat(fullpath)
except OSError:
continue
if os.geteuid() == st[stat.ST_UID]:
mask = stat.S_IXUSR
elif st[stat.ST_GID] in os.getgroups():
mask = stat.S_IXGRP
else:
mask = stat.S_IXOTH
if stat.S_IMODE(st[stat.ST_MODE]) & mask:
return fullpath
return None
def _init(settings):
"""
Use config variables like PORTAGE_GRPNAME and PORTAGE_USERNAME to
initialize global variables. This allows settings to come from make.conf
instead of requiring them to be set in the calling environment.
"""
if '_portage_grpname' not in _initialized_globals and \
'_portage_username' not in _initialized_globals:
# Prevents "TypeError: expected string" errors
# from grp.getgrnam() with PyPy
native_string = platform.python_implementation() == 'PyPy'
v = settings.get('PORTAGE_GRPNAME', 'portage')
if native_string:
v = portage._native_string(v)
globals()['_portage_grpname'] = v
_initialized_globals.add('_portage_grpname')
v = settings.get('PORTAGE_USERNAME', 'portage')
if native_string:
v = portage._native_string(v)
globals()['_portage_username'] = v
_initialized_globals.add('_portage_username')
if 'secpass' not in _initialized_globals:
v = 0
if uid == 0:
v = 2
elif "unprivileged" in settings.features:
v = 2
elif portage_gid in os.getgroups():
v = 1
globals()['secpass'] = v
_initialized_globals.add('secpass')
def setup_class(cls):
cls.space = space
cls.w_posix = space.appexec([], GET_POSIX)
cls.w_path = space.wrap(str(path))
cls.w_path2 = space.wrap(str(path2))
cls.w_pdir = space.wrap(str(pdir))
try:
cls.w_unicode_dir = space.wrap(
str(unicode_dir).decode(sys.getfilesystemencoding()))
except UnicodeDecodeError:
# filesystem encoding is not good enough
cls.w_unicode_dir = space.w_None
if hasattr(os, 'getuid'):
cls.w_getuid = space.wrap(os.getuid())
cls.w_geteuid = space.wrap(os.geteuid())
if hasattr(os, 'getgid'):
cls.w_getgid = space.wrap(os.getgid())
if hasattr(os, 'getgroups'):
cls.w_getgroups = space.newlist([space.wrap(e) for e in os.getgroups()])
if hasattr(os, 'getpgid'):
cls.w_getpgid = space.wrap(os.getpgid(os.getpid()))
if hasattr(os, 'getsid'):
cls.w_getsid0 = space.wrap(os.getsid(0))
if hasattr(os, 'sysconf'):
sysconf_name = os.sysconf_names.keys()[0]
cls.w_sysconf_name = space.wrap(sysconf_name)
cls.w_sysconf_value = space.wrap(os.sysconf_names[sysconf_name])
cls.w_sysconf_result = space.wrap(os.sysconf(sysconf_name))
cls.w_SIGABRT = space.wrap(signal.SIGABRT)
cls.w_python = space.wrap(sys.executable)
if hasattr(os, 'major'):
cls.w_expected_major_12345 = space.wrap(os.major(12345))
cls.w_expected_minor_12345 = space.wrap(os.minor(12345))
cls.w_udir = space.wrap(str(udir))
def show_user_info():
print "Effective User :"******"Effective Group :", os.getegid()
print "Actual User :"******"Actual Group :", os.getgid()
print "Actual Groups :", os.getgroups()
return
def drop_privs(self, uid):
(uid, gid) = pwd.getpwnam(uid)[2:4]
os.setgroups([gid,])
os.setgid(gid)
os.setuid(uid)
if 0 in [os.getuid(), os.getgid()] + list(os.getgroups()):
raise Exception("error - drop root, please!")
def _process_securely(self, operation, path, request, *args, **kw):
user = request.user_object()
groups = os.getgroups()
is_root = not os.getuid()
uid = os.geteuid()
gid = os.getegid()
if not is_root:
msg = (
"Framework is not running as root so effective uid "
"and gid are not being changed prior to doing %s: "
"%s" % (request.get_command(), path)
)
msglog.log("FileRequestHandler", msglog.types.WARN, msg)
else:
if self.debug:
msg = "%s command: file %s, user %s" % (request.get_command(), path, user.name())
msglog.log(self.name, msglog.types.DB, msg)
os.setgroups(user.group_ids())
os.setegid(user.gid())
os.seteuid(user.uid())
try:
result = operation(path, request, *args, **kw)
finally:
if is_root:
os.seteuid(uid)
os.setegid(gid)
os.setgroups(groups)
return result
def _runAsUser(self, f, *args, **kw):
""" Method to logged-in a user.
"""
user_is_root = os.getuid() == 0 # for tests
if user_is_root:
euid = os.geteuid()
egid = os.getegid()
groups = os.getgroups()
uid, gid = self.getUserGroupId()
os.setegid(0)
os.seteuid(0)
os.setgroups(self.getOtherGroups())
os.setegid(gid)
os.seteuid(uid)
try:
f = iter(f)
except TypeError:
f = [(f, args, kw)]
try:
for i in f:
func = i[0]
args = len(i) > 1 and i[1] or ()
kw = len(i) > 2 and i[2] or {}
r = func(*args, **kw)
finally:
if user_is_root:
os.setegid(0)
os.seteuid(0)
os.setgroups(groups)
os.setegid(egid)
os.seteuid(euid)
return r
def setupPermissionChecks():
uid = os.getuid()
groups = os.getgroups()
if uid == 0:
return None # If super-user, return None. Causes no checking to happen.
# Otherwise, create a closure function which can be used to do checking for each file.
def checkPermission(pUid, pGid, mode):
if stat.S_ISDIR(mode):
if (uid == pUid) and (stat.S_IRUSR & mode) and (stat.S_IXUSR & mode):
return True
elif (pGid in groups) and (stat.S_IRGRP & mode) and (stat.S_IXGRP & mode):
return True
elif (stat.S_IROTH & mode) and (stat.S_IXOTH & mode):
return True
else:
if (uid == pUid) and (stat.S_IRUSR & mode):
return True
elif (pGid in groups) and (stat.S_IRGRP & mode):
return True
elif stat.S_IROTH & mode:
return True
return False
# And return the function.
return checkPermission
def show_user_info():
print 'Utente effettivo :', os.geteuid()
print 'Gruppo effettivo :', os.getegid()
print 'Utente reale :', os.getuid(), os.getlogin()
print 'Gruppo reale :', os.getgid()
print 'Gruppi reali :', os.getgroups()
return
def run(self, input=None, command=None):
makedirs(self.path)
try:
os.symlink(sys.argv[0], join(self.path, 'rerun'))
except OSError:
pass
self.id = (os.getuid(), os.getgid(), os.getgroups())
self.env = os.environ
self.stdin = input
if command:
self.command = command
def run(command, input=None):
try:
child = Popen(command, stdin=PIPE, stdout=PIPE, stderr=PIPE)
stdout, stderr = child.communicate(input)
return stdout, stderr, child.returncode
except OSError, e:
return "", str(e), None
self.stdout, self.stderr, self.exitcode = run(command, input)
sys.exit(self.exitcode)
def _is_live(self):
for group in os.getgroups():
if group == os.getuid() == 999 and grp.getgrgid(
group).gr_name == os.getenv('LOGNAME') == 'jolicloud':
return True
return False
def _is_guest(self):
for group in os.getgroups():
if grp.getgrgid(group).gr_name == 'guests':
return True
return False
def is_superuser():
# https://cygwin.com/ml/cygwin/2015-02/msg00057.html
groups = os.getgroups()
return 544 in groups or 0 in groups
import os groups = os.getgroups() print groups
def report_ids(msg):
logger.debug('{msg}: uid={uid}, gid={gid}, groups={grp}'.format(
msg=msg, uid=os.getuid(), gid=os.getgid(), grp=os.getgroups()))
def _get_non_member_group(self):
"""Find a group that this user is not a member of."""
# All that matters is that we return a gid outside of the set of this
# user's groups.
user_groups = set(os.getgroups())
return max(user_groups) + 1
debug = True
debug_filename = args.debug
try:
debug_fileobj = open(debug_filename, mode='a')
except OSError as err:
sys.stderr.write('WARN: Error opening debug file "{}": {}\n'.format(
debug_filename, err))
debug = False
else:
debug = False
dbg('Debug started')
dbg('Arguments: bind_address={}, bind_port={}, mival={}, verbose={}, snmp_agent={}, print_table={}'
.format(bind_address, bind_port, mival, verbose, snmp_agent, print_table))
dbg('RUID: {}, EUID: {}, SUID: {}, RGID: {}, EGID:{}, SGID: {}'.format(
*(os.getresuid() + os.getresgid())))
dbg('Group IDs: {}'.format(repr(os.getgroups())))
# Save base time
ts_base = time.time()
dbg('Saved base timestamp: {}'.format(ts_base))
# We should pass handshake quickly
# We don't want to block while read from stdin if acting as SNMP agent
if snmp_agent:
# Handshake
try:
dbg('Waiting handshake')
line = sys.stdin.readline()
dbg('Read line from stdin: {}'.format(repr(line)))
except OSError as err:
sys.stderr.write('Error reading stdin: {}\n'.format(err))
def test_os_getgroups(self):
os = self.posix
assert os.getgroups() == self.getgroups
def _get_global(k):
if k in _initialized_globals:
return globals()[k]
if k == "secpass":
unprivileged = False
if hasattr(portage, "settings"):
unprivileged = "unprivileged" in portage.settings.features
else:
# The config class has equivalent code, but we also need to
# do it here if _disable_legacy_globals() has been called.
eroot_or_parent = first_existing(
os.path.join(_target_root(),
_target_eprefix().lstrip(os.sep)))
try:
eroot_st = os.stat(eroot_or_parent)
except OSError:
pass
else:
unprivileged = _unprivileged_mode(eroot_or_parent, eroot_st)
v = 0
if uid == 0:
v = 2
elif unprivileged:
v = 2
elif _get_global("portage_gid") in os.getgroups():
v = 1
elif k in ("portage_gid", "portage_uid"):
# Discover the uid and gid of the portage user/group
keyerror = False
try:
portage_uid = pwd.getpwnam(_get_global("_portage_username")).pw_uid
except KeyError:
keyerror = True
portage_uid = 0
try:
portage_gid = grp.getgrnam(_get_global("_portage_grpname")).gr_gid
except KeyError:
keyerror = True
portage_gid = 0
# Suppress this error message if both PORTAGE_GRPNAME and
# PORTAGE_USERNAME are set to "root", for things like
# Android (see bug #454060).
if keyerror and not (_get_global("_portage_username") == "root"
and _get_global("_portage_grpname") == "root"):
writemsg(
colorize("BAD", _("portage: 'portage' user or group missing."))
+ "\n",
noiselevel=-1,
)
writemsg(
_(" For the defaults, line 1 goes into passwd, "
"and 2 into group.\n"),
noiselevel=-1,
)
writemsg(
colorize(
"GOOD",
" portage:x:250:250:portage:/var/tmp/portage:/bin/false",
) + "\n",
noiselevel=-1,
)
writemsg(colorize("GOOD", " portage::250:portage") + "\n",
noiselevel=-1)
portage_group_warning()
globals()["portage_gid"] = portage_gid
_initialized_globals.add("portage_gid")
globals()["portage_uid"] = portage_uid
_initialized_globals.add("portage_uid")
if k == "portage_gid":
return portage_gid
if k == "portage_uid":
return portage_uid
raise AssertionError("unknown name: %s" % k)
elif k == "userpriv_groups":
v = [_get_global("portage_gid")]
if secpass >= 2:
# Get a list of group IDs for the portage user. Do not use
# grp.getgrall() since it is known to trigger spurious
# SIGPIPE problems with nss_ldap.
cmd = ["id", "-G", _portage_username]
encoding = portage._encodings["content"]
cmd = [
portage._unicode_encode(x, encoding=encoding, errors="strict")
for x in cmd
]
proc = subprocess.Popen(cmd,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
myoutput = proc.communicate()[0]
status = proc.wait()
if os.WIFEXITED(status) and os.WEXITSTATUS(status) == os.EX_OK:
for x in portage._unicode_decode(myoutput,
encoding=encoding,
errors="strict").split():
try:
v.append(int(x))
except ValueError:
pass
v = sorted(set(v))
# Avoid instantiating portage.settings when the desired
# variable is set in os.environ.
elif k in ("_portage_grpname", "_portage_username"):
v = None
if k == "_portage_grpname":
env_key = "PORTAGE_GRPNAME"
else:
env_key = "PORTAGE_USERNAME"
if env_key in os.environ:
v = os.environ[env_key]
elif hasattr(portage, "settings"):
v = portage.settings.get(env_key)
else:
# The config class has equivalent code, but we also need to
# do it here if _disable_legacy_globals() has been called.
eroot_or_parent = first_existing(
os.path.join(_target_root(),
_target_eprefix().lstrip(os.sep)))
try:
eroot_st = os.stat(eroot_or_parent)
except OSError:
pass
else:
if _unprivileged_mode(eroot_or_parent, eroot_st):
if k == "_portage_grpname":
try:
grp_struct = grp.getgrgid(eroot_st.st_gid)
except KeyError:
pass
else:
v = grp_struct.gr_name
else:
try:
pwd_struct = pwd.getpwuid(eroot_st.st_uid)
except KeyError:
pass
else:
v = pwd_struct.pw_name
if v is None:
v = "portage"
else:
raise AssertionError("unknown name: %s" % k)
globals()[k] = v
_initialized_globals.add(k)
return v
def check_group_membership():
if 'lago' not in [grp.getgrgid(gid).gr_name for gid in os.getgroups()]:
warnings.warn('current session does not belong to lago group.')
""" Write a Python program to get the effective group id, effective user id, real group id,
a list of supplemental group ids associated with the current process.
Note: Availability: Unix. """
import os
# get effective group id
print("Effective group id : ", os.getegid())
# get effective user id
print("Effective user id : ", os.geteuid())
# get real group id
print("Real group id : ", os.getgid())
# get list of groups
print("List of group : ", os.getgroups())
import os
UserId = ("The User ID: ", os.getuid())
print(UserId)
GroupId = ("The Group ID: ", os.getegid())
print(GroupId)
Realgroup = ("The Real Group ID: ", os.getgid())
print(Realgroup)
Supplement = ("The Supplement ID: ", os.getgroups())
print(Supplement)
import crypt
import functools
import grp
import os
import platform
import pwd
import random
import socket
import subprocess
import threading
import rqconstants
PERMISSIONS = threading.Lock()
HIGH_PERMISSION_GROUPS = os.getgroups()
class Memoize(object):
"""From: https://gist.github.com/267733/8f5d2e3576b6a6f221f6fb7e2e10d395ad7303f9"""
def __init__(self, func):
self.func = func
self.memoized = {}
self.methodCache = {}
def __call__(self, *args):
return self.cacheGet(self.memoized, args,
lambda: self.func(*args))
def __get__(self, obj, objtype):
return self.cacheGet(self.methodCache, obj,
lambda: self.__class__(functools.partial(self.func, obj)))
def cacheGet(self, cache, key, func):
def is_unarchived(self):
cmd = '%s -ZT -s "%s"' % (self.cmd_path, self.src)
if self.excludes:
cmd += ' -x "' + '" "'.join(self.excludes) + '"'
rc, out, err = self.module.run_command(cmd)
old_out = out
diff = ''
out = ''
if rc == 0:
unarchived = True
else:
unarchived = False
# Get some information related to user/group ownership
umask = os.umask(0)
os.umask(umask)
# Get current user and group information
groups = os.getgroups()
run_uid = os.getuid()
run_gid = os.getgid()
try:
run_owner = pwd.getpwuid(run_uid).pw_name
except:
run_owner = run_uid
try:
run_group = grp.getgrgid(run_gid).gr_name
except:
run_group = run_gid
# Get future user ownership
fut_owner = fut_uid = None
if self.file_args['owner']:
try:
tpw = pwd.getpwname(self.file_args['owner'])
except:
try:
tpw = pwd.getpwuid(self.file_args['owner'])
except:
tpw = pwd.getpwuid(run_uid)
fut_owner = tpw.pw_name
fut_uid = tpw.pw_uid
else:
try:
fut_owner = run_owner
except:
pass
fut_uid = run_uid
# Get future group ownership
fut_group = fut_gid = None
if self.file_args['group']:
try:
tgr = grp.getgrnam(self.file_args['group'])
except:
try:
tgr = grp.getgrgid(self.file_args['group'])
except:
tgr = grp.getgrgid(run_gid)
fut_group = tgr.gr_name
fut_gid = tgr.gr_gid
else:
try:
fut_group = run_group
except:
pass
fut_gid = run_gid
for line in old_out.splitlines():
change = False
pcs = line.split()
if len(pcs) != 8: continue
ztype = pcs[0][0]
permstr = pcs[0][1:10]
version = pcs[0][1]
ostype = pcs[0][2]
size = int(pcs[3])
path = pcs[7]
# Skip excluded files
if path in self.excludes:
out += 'Path %s is excluded on request\n' % path
continue
# Itemized change requires L for symlink
if path[-1] == '/':
if ztype != 'd':
err += 'Path %s incorrectly tagged as "%s", but is a directory.\n' % (
path, ztype)
ftype = 'd'
elif ztype == 'l':
ftype = 'L'
elif ztype == '-':
ftype = 'f'
elif ztype == '?':
ftype = 'f'
# Some files may be storing FAT permissions, not Unix permissions
if len(permstr) == 6:
if path[-1] == '/':
permstr = 'rwxrwxrwx'
elif permstr == 'rwx---':
permstr = 'rwxrwxrwx'
else:
permstr = 'rw-rw-rw-'
# Test string conformity
if len(permstr) != 9 or not ZIP_FILE_MODE_RE.match(permstr):
raise UnarchiveError('ZIP info perm format incorrect, %s' %
permstr)
# DEBUG
# err += "%s%s %10d %s\n" % (ztype, permstr, size, path)
dest = os.path.join(self.dest, path)
try:
st = os.lstat(dest)
except:
change = True
self.includes.append(path)
err += 'Path %s is missing\n' % path
diff += '>%s++++++.?? %s\n' % (ftype, path)
continue
# Compare file types
if ftype == 'd' and not stat.S_ISDIR(st.st_mode):
change = True
self.includes.append(path)
err += 'File %s already exists, but not as a directory\n' % path
diff += 'c%s++++++.?? %s\n' % (ftype, path)
continue
if ftype == 'f' and not stat.S_ISREG(st.st_mode):
change = True
unarchived = False
self.includes.append(path)
err += 'Directory %s already exists, but not as a regular file\n' % path
diff += 'c%s++++++.?? %s\n' % (ftype, path)
continue
if ftype == 'L' and not stat.S_ISLNK(st.st_mode):
change = True
self.includes.append(path)
err += 'Directory %s already exists, but not as a symlink\n' % path
diff += 'c%s++++++.?? %s\n' % (ftype, path)
continue
itemized = bytearray('.%s.......??' % ftype)
dt_object = datetime.datetime(
*(time.strptime(pcs[6], '%Y%m%d.%H%M%S')[0:6]))
timestamp = time.mktime(dt_object.timetuple())
# Compare file timestamps
if stat.S_ISREG(st.st_mode):
if self.module.params['keep_newer']:
if timestamp > st.st_mtime:
change = True
self.includes.append(path)
err += 'File %s is older, replacing file\n' % path
itemized[4] = 't'
elif stat.S_ISREG(st.st_mode) and timestamp < st.st_mtime:
# Add to excluded files, ignore other changes
out += 'File %s is newer, excluding file\n' % path
continue
else:
if timestamp != st.st_mtime:
change = True
self.includes.append(path)
err += 'File %s differs in mtime (%f vs %f)\n' % (
path, timestamp, st.st_mtime)
itemized[4] = 't'
# Compare file sizes
if stat.S_ISREG(st.st_mode) and size != st.st_size:
change = True
err += 'File %s differs in size (%d vs %d)\n' % (path, size,
st.st_size)
itemized[3] = 's'
# Compare file checksums
if stat.S_ISREG(st.st_mode):
crc = crc32(dest)
if crc != self._crc32(path):
change = True
err += 'File %s differs in CRC32 checksum (0x%08x vs 0x%08x)\n' % (
path, self._crc32(path), crc)
itemized[2] = 'c'
# Compare file permissions
# Do not handle permissions of symlinks
if ftype != 'L':
# Only special files require no umask-handling
if ztype == '?':
mode = self._permstr_to_octal(permstr, 0)
else:
mode = self._permstr_to_octal(permstr, umask)
if self.file_args['mode'] and self.file_args[
'mode'] != stat.S_IMODE(st.st_mode):
change = True
err += 'Path %s differs in permissions (%o vs %o)\n' % (
path, self.file_args['mode'], stat.S_IMODE(st.st_mode))
itemized[5] = 'p'
elif mode != stat.S_IMODE(st.st_mode):
change = True
itemized[5] = 'p'
err += 'Path %s differs in permissions (%o vs %o)\n' % (
path, mode, stat.S_IMODE(st.st_mode))
# Compare file user ownership
owner = uid = None
try:
owner = pwd.getpwuid(st.st_uid).pw_name
except:
uid = st.st_uid
# If we are not root and requested owner is not our user, fail
if run_uid != 0 and (fut_owner != run_owner or fut_uid != run_uid):
raise UnarchiveError(
'Cannot change ownership of %s to %s, as user %s' %
(path, fut_owner, run_owner))
if owner and owner != fut_owner:
change = True
err += 'Path %s is owned by user %s, not by user %s as expected\n' % (
path, owner, fut_owner)
itemized[6] = 'o'
elif uid and uid != fut_uid:
change = True
err += 'Path %s is owned by uid %s, not by uid %s as expected\n' % (
path, uid, fut_uid)
itemized[6] = 'o'
# Compare file group ownership
group = gid = None
try:
group = grp.getgrgid(st.st_gid).gr_name
except:
gid = st.st_gid
if run_uid != 0 and fut_gid not in groups:
raise UnarchiveError(
'Cannot change group ownership of %s to %s, as user %s' %
(path, fut_group, run_owner))
if group and group != fut_group:
change = True
err += 'Path %s is owned by group %s, not by group %s as expected\n' % (
path, group, fut_group)
itemized[6] = 'g'
elif gid and gid != fut_gid:
change = True
err += 'Path %s is owned by gid %s, not by gid %s as expected\n' % (
path, gid, fut_gid)
itemized[6] = 'g'
# Register changed files and finalize diff output
if change:
if path not in self.includes:
self.includes.append(path)
diff += '%s %s\n' % (itemized, path)
if self.includes:
unarchived = False
# DEBUG
# out = old_out + out
return dict(unarchived=unarchived,
rc=rc,
out=out,
err=err,
cmd=cmd,
diff=diff)
import os print(os.getgroups())
def _apply_common_rec(self, path, restore_numeric_ids=False):
if not self.mode:
raise ApplyError('no metadata - cannot apply to ' + path)
# FIXME: S_ISDOOR, S_IFMPB, S_IFCMP, S_IFNWK, ... see stat(2).
# EACCES errors at this stage are fatal for the current path.
if lutime and stat.S_ISLNK(self.mode):
try:
lutime(path, (self.atime, self.mtime))
except OSError as e:
if e.errno == errno.EACCES:
raise ApplyError('lutime: %s' % e)
else:
raise
else:
try:
utime(path, (self.atime, self.mtime))
except OSError as e:
if e.errno == errno.EACCES:
raise ApplyError('utime: %s' % e)
else:
raise
uid = gid = -1 # By default, do nothing.
if is_superuser():
uid = self.uid
gid = self.gid
if not restore_numeric_ids:
if self.uid != 0 and self.user:
entry = pwd_from_name(self.user)
if entry:
uid = entry.pw_uid
if self.gid != 0 and self.group:
entry = grp_from_name(self.group)
if entry:
gid = entry.gr_gid
else: # not superuser - only consider changing the group/gid
user_gids = os.getgroups()
if self.gid in user_gids:
gid = self.gid
if not restore_numeric_ids and self.gid != 0:
# The grp might not exist on the local system.
grps = filter(None, [grp_from_gid(x) for x in user_gids])
if self.group in [x.gr_name for x in grps]:
g = grp_from_name(self.group)
if g:
gid = g.gr_gid
if uid != -1 or gid != -1:
try:
os.lchown(path, uid, gid)
except OSError as e:
if e.errno == errno.EPERM:
add_error('lchown: %s' % e)
elif sys.platform.startswith('cygwin') \
and e.errno == errno.EINVAL:
add_error('lchown: unknown uid/gid (%d/%d) for %s' %
(uid, gid, path))
else:
raise
if _have_lchmod:
try:
os.lchmod(path, stat.S_IMODE(self.mode))
except errno.ENOSYS: # Function not implemented
pass
elif not stat.S_ISLNK(self.mode):
os.chmod(path, stat.S_IMODE(self.mode))
def is_unarchived(self):
cmd = [ self.cmd_path, '-ZT', '-s', self.src ]
if self.excludes:
cmd.extend([ ' -x ', ] + self.excludes)
rc, out, err = self.module.run_command(cmd)
old_out = out
diff = ''
out = ''
if rc == 0:
unarchived = True
else:
unarchived = False
# Get some information related to user/group ownership
umask = os.umask(0)
os.umask(umask)
# Get current user and group information
groups = os.getgroups()
run_uid = os.getuid()
run_gid = os.getgid()
try:
run_owner = pwd.getpwuid(run_uid).pw_name
except:
run_owner = run_uid
try:
run_group = grp.getgrgid(run_gid).gr_name
except:
run_group = run_gid
# Get future user ownership
fut_owner = fut_uid = None
if self.file_args['owner']:
try:
tpw = pwd.getpwname(self.file_args['owner'])
except:
try:
tpw = pwd.getpwuid(self.file_args['owner'])
except:
tpw = pwd.getpwuid(run_uid)
fut_owner = tpw.pw_name
fut_uid = tpw.pw_uid
else:
try:
fut_owner = run_owner
except:
pass
fut_uid = run_uid
# Get future group ownership
fut_group = fut_gid = None
if self.file_args['group']:
try:
tgr = grp.getgrnam(self.file_args['group'])
except:
try:
tgr = grp.getgrgid(self.file_args['group'])
except:
tgr = grp.getgrgid(run_gid)
fut_group = tgr.gr_name
fut_gid = tgr.gr_gid
else:
try:
fut_group = run_group
except:
pass
fut_gid = run_gid
for line in old_out.splitlines():
change = False
pcs = line.split(None, 7)
if len(pcs) != 8:
# Too few fields... probably a piece of the header or footer
continue
# Check first and seventh field in order to skip header/footer
if len(pcs[0]) != 7 and len(pcs[0]) != 10:
continue
if len(pcs[6]) != 15:
continue
# Possible entries:
# -rw-rws--- 1.9 unx 2802 t- defX 11-Aug-91 13:48 perms.2660
# -rw-a-- 1.0 hpf 5358 Tl i4:3 4-Dec-91 11:33 longfilename.hpfs
# -r--ahs 1.1 fat 4096 b- i4:2 14-Jul-91 12:58 EA DATA. SF
# --w------- 1.0 mac 17357 bx i8:2 4-May-92 04:02 unzip.macr
if pcs[0][0] not in 'dl-?' or not frozenset(pcs[0][1:]).issubset('rwxstah-'):
continue
ztype = pcs[0][0]
permstr = pcs[0][1:]
version = pcs[1]
ostype = pcs[2]
size = int(pcs[3])
path = to_text(pcs[7], errors='surrogate_or_strict')
# Skip excluded files
if path in self.excludes:
out += 'Path %s is excluded on request\n' % path
continue
# Itemized change requires L for symlink
if path[-1] == '/':
if ztype != 'd':
err += 'Path %s incorrectly tagged as "%s", but is a directory.\n' % (path, ztype)
ftype = 'd'
elif ztype == 'l':
ftype = 'L'
elif ztype == '-':
ftype = 'f'
elif ztype == '?':
ftype = 'f'
# Some files may be storing FAT permissions, not Unix permissions
if len(permstr) == 6:
if path[-1] == '/':
permstr = 'rwxrwxrwx'
elif permstr == 'rwx---':
permstr = 'rwxrwxrwx'
else:
permstr = 'rw-rw-rw-'
# Test string conformity
if len(permstr) != 9 or not ZIP_FILE_MODE_RE.match(permstr):
raise UnarchiveError('ZIP info perm format incorrect, %s' % permstr)
# DEBUG
# err += "%s%s %10d %s\n" % (ztype, permstr, size, path)
dest = os.path.join(self.dest, path)
try:
st = os.lstat(dest)
except:
change = True
self.includes.append(path)
err += 'Path %s is missing\n' % path
diff += '>%s++++++.?? %s\n' % (ftype, path)
continue
# Compare file types
if ftype == 'd' and not stat.S_ISDIR(st.st_mode):
change = True
self.includes.append(path)
err += 'File %s already exists, but not as a directory\n' % path
diff += 'c%s++++++.?? %s\n' % (ftype, path)
continue
if ftype == 'f' and not stat.S_ISREG(st.st_mode):
change = True
unarchived = False
self.includes.append(path)
err += 'Directory %s already exists, but not as a regular file\n' % path
diff += 'c%s++++++.?? %s\n' % (ftype, path)
continue
if ftype == 'L' and not stat.S_ISLNK(st.st_mode):
change = True
self.includes.append(path)
err += 'Directory %s already exists, but not as a symlink\n' % path
diff += 'c%s++++++.?? %s\n' % (ftype, path)
continue
itemized = list('.%s.......??' % ftype)
# Note: this timestamp calculation has a rounding error
# somewhere... unzip and this timestamp can be one second off
# When that happens, we report a change and re-unzip the file
dt_object = datetime.datetime(*(time.strptime(pcs[6], '%Y%m%d.%H%M%S')[0:6]))
timestamp = time.mktime(dt_object.timetuple())
# Compare file timestamps
if stat.S_ISREG(st.st_mode):
if self.module.params['keep_newer']:
if timestamp > st.st_mtime:
change = True
self.includes.append(path)
err += 'File %s is older, replacing file\n' % path
itemized[4] = 't'
elif stat.S_ISREG(st.st_mode) and timestamp < st.st_mtime:
# Add to excluded files, ignore other changes
out += 'File %s is newer, excluding file\n' % path
self.excludes.append(path)
continue
else:
if timestamp != st.st_mtime:
change = True
self.includes.append(path)
err += 'File %s differs in mtime (%f vs %f)\n' % (path, timestamp, st.st_mtime)
itemized[4] = 't'
# Compare file sizes
if stat.S_ISREG(st.st_mode) and size != st.st_size:
change = True
err += 'File %s differs in size (%d vs %d)\n' % (path, size, st.st_size)
itemized[3] = 's'
# Compare file checksums
if stat.S_ISREG(st.st_mode):
crc = crc32(dest)
if crc != self._crc32(path):
change = True
err += 'File %s differs in CRC32 checksum (0x%08x vs 0x%08x)\n' % (path, self._crc32(path), crc)
itemized[2] = 'c'
# Compare file permissions
# Do not handle permissions of symlinks
if ftype != 'L':
# Use the new mode provided with the action, if there is one
if self.file_args['mode']:
if isinstance(self.file_args['mode'], int):
mode = self.file_args['mode']
else:
try:
mode = int(self.file_args['mode'], 8)
except Exception:
e = get_exception()
self.module.fail_json(path=path, msg="mode %(mode)s must be in octal form" % self.file_args, details=str(e))
# Only special files require no umask-handling
elif ztype == '?':
mode = self._permstr_to_octal(permstr, 0)
else:
mode = self._permstr_to_octal(permstr, umask)
if mode != stat.S_IMODE(st.st_mode):
change = True
itemized[5] = 'p'
err += 'Path %s differs in permissions (%o vs %o)\n' % (path, mode, stat.S_IMODE(st.st_mode))
# Compare file user ownership
owner = uid = None
try:
owner = pwd.getpwuid(st.st_uid).pw_name
except:
uid = st.st_uid
# If we are not root and requested owner is not our user, fail
if run_uid != 0 and (fut_owner != run_owner or fut_uid != run_uid):
raise UnarchiveError('Cannot change ownership of %s to %s, as user %s' % (path, fut_owner, run_owner))
if owner and owner != fut_owner:
change = True
err += 'Path %s is owned by user %s, not by user %s as expected\n' % (path, owner, fut_owner)
itemized[6] = 'o'
elif uid and uid != fut_uid:
change = True
err += 'Path %s is owned by uid %s, not by uid %s as expected\n' % (path, uid, fut_uid)
itemized[6] = 'o'
# Compare file group ownership
group = gid = None
try:
group = grp.getgrgid(st.st_gid).gr_name
except:
gid = st.st_gid
if run_uid != 0 and fut_gid not in groups:
raise UnarchiveError('Cannot change group ownership of %s to %s, as user %s' % (path, fut_group, run_owner))
if group and group != fut_group:
change = True
err += 'Path %s is owned by group %s, not by group %s as expected\n' % (path, group, fut_group)
itemized[6] = 'g'
elif gid and gid != fut_gid:
change = True
err += 'Path %s is owned by gid %s, not by gid %s as expected\n' % (path, gid, fut_gid)
itemized[6] = 'g'
# Register changed files and finalize diff output
if change:
if path not in self.includes:
self.includes.append(path)
diff += '%s %s\n' % (''.join(itemized), path)
if self.includes:
unarchived = False
# DEBUG
# out = old_out + out
return dict(unarchived=unarchived, rc=rc, out=out, err=err, cmd=cmd, diff=diff)
def gid(self):
grps = os.getgroups()
if os_data.portage_gid in grps:
return os_data.portage_gid
return grps[0]
def get_group(user_id):
groups = sorted(os.getgroups())
if user_id in groups:
return user_id
else:
return groups[len(groups) - 1]
BYPASS_GPG = os.environ.get("BYPASS_GPG", "").lower() == "true"
ENV_EGG = os.environ.get("EGG")
NEW_EGG = "/var/lib/insights/newest.egg"
STABLE_EGG = "/var/lib/insights/last_stable.egg"
RPM_EGG = "/etc/insights-client/rpm.egg"
EGGS = [ENV_EGG, NEW_EGG, STABLE_EGG, RPM_EGG]
logger = logging.getLogger(__name__)
# handle user/group permissions
try:
insights_uid = pwd.getpwnam("insights").pw_uid
insights_gid = pwd.getpwnam("insights").pw_gid
insights_grpid = grp.getgrnam("insights").gr_gid
curr_user_grps = os.getgroups()
except:
insights_uid = insights_gid = insights_grpid = None
def log(msg):
print(msg, file=sys.stderr)
def demote(uid, gid, run_as_root):
if (run_as_root):
return None
if os.geteuid() == 0:
def result():
os.setgid(gid)
os.setuid(uid)
def collect_os(info_add):
import os
def format_attr(attr, value):
if attr in ('supports_follow_symlinks', 'supports_fd',
'supports_effective_ids'):
return str(sorted(func.__name__ for func in value))
else:
return value
attributes = (
'name',
'supports_bytes_environ',
'supports_effective_ids',
'supports_fd',
'supports_follow_symlinks',
)
copy_attributes(info_add, os, 'os.%s', attributes, formatter=format_attr)
info_add("os.cwd", os.getcwd())
call_func(info_add, 'os.uid', os, 'getuid')
call_func(info_add, 'os.gid', os, 'getgid')
call_func(info_add, 'os.uname', os, 'uname')
if hasattr(os, 'getgroups'):
groups = os.getgroups()
groups = map(str, groups)
groups = ', '.join(groups)
info_add("os.groups", groups)
if hasattr(os, 'getlogin'):
try:
login = os.getlogin()
except OSError:
# getlogin() fails with "OSError: [Errno 25] Inappropriate ioctl
# for device" on Travis CI
pass
else:
info_add("os.login", login)
if hasattr(os, 'cpu_count'):
cpu_count = os.cpu_count()
if cpu_count:
info_add('os.cpu_count', cpu_count)
call_func(info_add, 'os.loadavg', os, 'getloadavg')
# Get environment variables: filter to list
# to not leak sensitive information
ENV_VARS = (
"CC",
"COMSPEC",
"DISPLAY",
"DISTUTILS_USE_SDK",
"DYLD_LIBRARY_PATH",
"HOME",
"HOMEDRIVE",
"HOMEPATH",
"LANG",
"LD_LIBRARY_PATH",
"MACOSX_DEPLOYMENT_TARGET",
"MAKEFLAGS",
"MSSDK",
"PATH",
"SDK_TOOLS_BIN",
"SHELL",
"TEMP",
"TERM",
"TMP",
"TMPDIR",
"USERPROFILE",
"WAYLAND_DISPLAY",
)
for name, value in os.environ.items():
uname = name.upper()
if (uname in ENV_VARS or uname.startswith(("PYTHON", "LC_"))
# Visual Studio: VS140COMNTOOLS
or (uname.startswith("VS") and uname.endswith("COMNTOOLS"))):
info_add('os.environ[%s]' % name, value)
if hasattr(os, 'umask'):
mask = os.umask(0)
os.umask(mask)
info_add("os.umask", '%03o' % mask)
if hasattr(os, 'getrandom'):
# PEP 524: Check if system urandom is initialized
try:
os.getrandom(1, os.GRND_NONBLOCK)
state = 'ready (initialized)'
except BlockingIOError as exc:
state = 'not seeded yet (%s)' % exc
info_add('os.getrandom', state)
def become_user(user, requested_groups, config, LOG: Log):
"""
Change the process' identity (real and effective) to a user's (if
process was started with sufficient privileges to allow this,
does nothing otherwise)
Arguments:
user = Name of the user
requested_groups = list of group names
config - configuration
LOG - logger
Returns: True if successful, an error string otherwise
Side effects: modifies the ENV array, setting values for USER, LOGNAME and
HOME
"""
euid = config['uftpd.effective_uid']
setting_uids = config['uftpd.switch_uid']
user_cache = config['uftpd.user_cache']
fail_on_invalid_gids = config.get('uftpd.fail_on_invalid_gids', True)
primary = requested_groups[0]
if not setting_uids:
if euid == 0:
# make sure to prevent running things as root
return "Running as root and not setting uids --- this is not " \
"allowed. Please check your UFTPD installation!"
else:
return True
new_uid = user_cache.get_uid_4user(user)
if new_uid == -1:
return "Attempted to select unknown user '%s'" % user
if new_uid == 0:
return "Attempted to select 'root'"
# Do project (group) mapping, new_gid stores a new primary gid,
# new_gids stores the new_gid and all supplementary gids (numbers)
if primary == "NONE":
# Nothing selected by user, use system defaults
new_gid = user_cache.get_gid_4user(user)
new_gids = user_cache.get_gids_4user(user)
else:
try:
new_gid = get_primary_group(primary, user, user_cache,
fail_on_invalid_gids, config, LOG)
new_gids = get_supplementary_groups(requested_groups, new_gid,
user, config, LOG)
except RuntimeError as err:
return str(err)
# Change identity/ drop privileges
#
# Impl note: yes, the primary gid will appear twice in the list, however
# when there is no supplementary groups and only one gid (the primary gid)
# was given then the function would result in leaving the current
# process supplementary groups (i.e. root's). So don't change it!
LOG.debug("Groups: primary %s supplementary %s" % (new_gid, new_gids))
os.setgid(new_gid)
os.setgroups(new_gids)
os.setegid(new_gid)
os.setresuid(new_uid, new_uid, new_uid)
# TODO: potential refactoring here
if os.getuid() != new_uid:
return "Could not set UFTPD identity (real) to %s %s" % (user, new_uid)
if os.geteuid() != new_uid:
return "Could not set UFTPD identity (effective) to %s %s" % (user,
new_uid)
if os.getgid() != new_gid:
return "Could not set UFTPD identity (group real) to %s %s" % (user,
new_gid)
if os.getgid() != new_gid:
return "Could not set UFTPD identity (group real) to %s %s" % (user,
new_gid)
if os.getegid() != new_gid:
return "Could not set UFTPD identity (group effective) to %s %s" % (
user, new_gid)
set_groups = set(os.getgroups())
if set_groups != set(new_gids):
return "Could not set UFTPD identity (supplementary groups) to %s %s, " \
"got %s" % (user, new_gids, set_groups)
# set environment
os.environ['HOME'] = user_cache.get_home_4user(user)
os.environ['USER'] = user
os.environ['LOGNAME'] = user
return True
def __init__(self):
self.orig_uid = os.getuid()
self.orig_gid = os.getgid()
self.orig_groups = os.getgroups()
conn_bufsize = 393216
# This is used in the CacheCollatedPostProcess and MiscIterToFile
# classes. The number represents the number of rpaths which may be
# stuck in buffers when moving over a remote connection.
pipeline_max_length = 500
# True if script is running as a server
server = None
# uid and gid of the owner of the rdiff-backup process. This can
# vary depending on the connection.
try:
process_uid = os.getuid()
process_gid = os.getgid()
process_groups = [process_gid] + os.getgroups()
except AttributeError:
process_uid = 0
process_gid = 0
process_groups = [0]
# If true, when copying attributes, also change target's uid/gid
change_ownership = None
# If true, change the permissions of unwriteable mirror files
# (such as directories) so that they can be written, and then
# change them back. This defaults to 1 just in case the process
# is not running as root (root doesn't need to change
# permissions).
change_mirror_perms = (process_uid != 0)
def become(user):
try:
userinfo = pwd.getpwuid(int(user))
except:
try:
userinfo = pwd.getpwnam(user)
except:
raise ValueError('User {} not found'.format(user))
if os.geteuid() == userinfo.pw_uid:
return
sys._SAVED_UID = os.geteuid()
sys._SAVED_GID = os.getegid()
sys._SAVED_GROUPS = os.getgroups()
sys._SAVED_CWD = os.getcwdu()
sys._SAVED_ENV = os.environ.copy()
os.initgroups(userinfo.pw_name, userinfo.pw_gid)
os.setegid(userinfo.pw_gid)
os.seteuid(userinfo.pw_uid)
os.environ['HOME'] = userinfo.pw_dir
os.environ['USER'] = userinfo.pw_name
os.environ['LOGNAME'] = userinfo.pw_name
os.environ['SHELL'] = userinfo.pw_shell
os.environ['XAUTHORITY'] = os.path.join(userinfo.pw_dir, '.Xauthority')
user_dbus_socket = os.path.join('/', 'var', 'run', 'user',
str(userinfo.pw_uid), 'dbus',
'user_bus_socket')
if os.path.exists(user_dbus_socket):
os.environ[
'DBUS_SESSION_BUS_ADDRESS'] = 'unix:path=' + user_dbus_socket
elif 'DBUS_SESSION_BUS_ADDRESS' in os.environ:
del os.environ['DBUS_SESSION_BUS_ADDRESS']
for var in os.environ.keys():
if var.startswith(('XDG_', 'GDM', 'DESKTOP_')):
del os.environ[var]
if 'PATH' in os.environ:
os.environ['PATH'] += ':'.join([
os.path.join(userinfo.pw_dir, '.local', 'bin'),
os.path.join(userinfo.pw_dir, 'bin')
])
try:
os.chdir(userinfo.pw_dir)
except:
pass
try:
for line in subprocess.check_output([
userinfo.pw_shell, '-c', '; '.join([
'[ -f /etc/profile ] && source /etc/profile >/dev/null 2>/dev/null',
'[ -f ~/.profile ] && source ~/.profile >/dev/null 2>/dev/null',
'printenv'
])
]).split('\n'):
if line and '=' in line:
k, v = line.split('=', 1)
os.environ[k] = v
except:
pass
def chugid(runas, group=None):
'''
Change the current process to belong to the specified user (and the groups
to which it belongs)
'''
uinfo = pwd.getpwnam(runas)
supgroups = []
supgroups_seen = set()
if group:
try:
target_pw_gid = grp.getgrnam(group).gr_gid
except KeyError as err:
raise CommandExecutionError(
'Failed to fetch the GID for {0}. Error: {1}'.format(
group, err
)
)
else:
target_pw_gid = uinfo.pw_gid
# The line below used to exclude the current user's primary gid.
# However, when root belongs to more than one group
# this causes root's primary group of '0' to be dropped from
# his grouplist. On FreeBSD, at least, this makes some
# command executions fail with 'access denied'.
#
# The Python documentation says that os.setgroups sets only
# the supplemental groups for a running process. On FreeBSD
# this does not appear to be strictly true.
group_list = get_group_dict(runas, include_default=True)
if sys.platform == 'darwin':
group_list = dict((k, v) for k, v in six.iteritems(group_list)
if not k.startswith('_'))
for group_name in group_list:
gid = group_list[group_name]
if (gid not in supgroups_seen
and not supgroups_seen.add(gid)):
supgroups.append(gid)
if os.getgid() != target_pw_gid:
try:
os.setgid(target_pw_gid)
except OSError as err:
raise CommandExecutionError(
'Failed to change from gid {0} to {1}. Error: {2}'.format(
os.getgid(), target_pw_gid, err
)
)
# Set supplemental groups
if sorted(os.getgroups()) != sorted(supgroups):
try:
os.setgroups(supgroups)
except OSError as err:
raise CommandExecutionError(
'Failed to set supplemental groups to {0}. Error: {1}'.format(
supgroups, err
)
)
if os.getuid() != uinfo.pw_uid:
try:
os.setuid(uinfo.pw_uid)
except OSError as err:
raise CommandExecutionError(
'Failed to change from uid {0} to {1}. Error: {2}'.format(
os.getuid(), uinfo.pw_uid, err
)
)
uid = gid = -1 # By default, do nothing.
if is_superuser():
uid = self.uid
gid = self.gid
if not restore_numeric_ids:
if self.uid != 0 and self.user:
entry = pwd_from_name(self.user)
if entry:
uid = entry.pw_uid
if self.gid != 0 and self.group:
entry = grp_from_name(self.group)
if entry:
gid = entry.gr_gid
else: # not superuser - only consider changing the group/gid
user_gids = os.getgroups()
if self.gid in user_gids:
gid = self.gid
if not restore_numeric_ids and self.gid != 0:
# The grp might not exist on the local system.
grps = filter(None, [grp_from_gid(x) for x in user_gids])
if self.group in [x.gr_name for x in grps]:
g = grp_from_name(self.group)
if g:
gid = g.gr_gid
if uid != -1 or gid != -1:
try:
os.lchown(path, uid, gid)
except OSError, e:
if e.errno == errno.EPERM:
def get_user_group():
import os
ugroup = os.getgroups()
return ugroup
# -*- coding: utf-8 -*-
# @Author: Kajol.Patira
# @Date: 2021-01-04 19:04:37
# @Last Modified by: Kajol.Patira
# @Last Modified time: 2021-01-04 21:11:39
# @Title: Program to get the effective group id, effective user id, real group id, a list of supplemental group ids associated with the current process.
import os
# Every process group is uniquely identified using process group id.
print("\nEffective group id: ", os.getegid())
print("Effective user id: ", os.geteuid())
print("Real group id: ", os.getgid())
print("List of supplemental group ids: ", os.getgroups())
print()
# -*- coding: utf-8 -*-
import pwd
import os
import sys
import subprocess
if not hasattr(sys, '_BECOME_INITIALIZED'):
sys._SAVED_UID = os.getuid()
sys._SAVED_GID = os.getgid()
sys._SAVED_GROUPS = os.getgroups()
sys._SAVED_CWD = os.getcwdu()
sys._SAVED_ENV = os.environ.copy()
sys._BECOME_INITIALIZED = True
def become(user):
try:
userinfo = pwd.getpwuid(int(user))
except:
try:
userinfo = pwd.getpwnam(user)
except:
raise ValueError('User {} not found'.format(user))
if os.geteuid() == userinfo.pw_uid:
return
sys._SAVED_UID = os.geteuid()
sys._SAVED_GID = os.getegid()
sys._SAVED_GROUPS = os.getgroups()