def sync_trees(self,tree,dst,user,client):
record = pwd.getpwnam(user)
# temporarily grant access to the unpack staging area by modifying the
# group of the top-level repository directory
os.chown(self.localCopy,-1,record.pw_gid)
# we do the sync operation as the specified user; so we need to fork
# ourself again and change our user/group mode
pid = os.fork()
if pid != 0:
# synchronously wait for the child to do its work
os.wait()
os.chown(self.localCopy,-1,0) # change back to root
return
# set effective permissions; we almost reproduce a login shell here
# because we have to load up the user's supplementary group ids
os.setegid(record.pw_gid)
os.initgroups(user,record.pw_gid)
os.seteuid(record.pw_uid)
# redirect the process's stdout (underlying os-level redirection) to the
# socket
os.dup2(client.fileno(),1)
os.dup2(client.fileno(),2)
os.close(client.fileno())
# exec rsync over this process to copy updated content to the
# destination; we assume that rsync is installed on the system
change_dir(self.localCopy)
if tree[len(tree)-1] != '/':
tree += '/' # rsync requires this
os.execlp('rsync','rsync','--exclude=.git/','-rvu','--chmod=ugo=rwX',tree,dst)
def change_process_owner(uid, gid, initgroups):
""" Change the owning UID and GID of this process.
Sets the GID then the UID of the process (in that order, to
avoid permission errors) to the specified `gid` and `uid`
values. Requires appropriate OS privileges for this process.
If `initgroups` is true, all groups of the user with UID
`uid` are set as supplementary groups.
"""
if initgroups:
try:
pwd_entry = pwd.getpwuid(uid)
except KeyError:
initgroups = False
try:
if initgroups:
os.initgroups(pwd_entry.pw_name, gid)
else:
os.setgid(gid)
os.setuid(uid)
except Exception as exc:
error = DaemonOSEnvironmentError(
"Unable to change file creation mask (%(exc)s)"
% vars())
raise error
def check_user(user):
'''
Check user and assign process uid/gid.
'''
if salt.utils.is_windows():
return True
if user == salt.utils.get_user():
return True
import pwd # after confirming not running Windows
try:
pwuser = pwd.getpwnam(user)
try:
if hasattr(os, 'initgroups'):
os.initgroups(user, pwuser.pw_gid)
else:
os.setgroups(salt.utils.get_gid_list(user, include_default=False))
os.setgid(pwuser.pw_gid)
os.setuid(pwuser.pw_uid)
except OSError:
msg = 'Salt configured to run as user "{0}" but unable to switch.'
msg = msg.format(user)
if is_console_configured():
log.critical(msg)
else:
sys.stderr.write("CRITICAL: {0}\n".format(msg))
return False
except KeyError:
msg = 'User not found: "{0}"'.format(user)
if is_console_configured():
log.critical(msg)
else:
sys.stderr.write("CRITICAL: {0}\n".format(msg))
return False
return True
def prepare(suid, slave):
if suid is not None:
try:
if not type(suid) in (int, long):
userinfo = pwd.getpwnam(suid)
suid = userinfo.pw_uid
sgid = userinfo.pw_gid
else:
userinfo = pwd.getpwuid(suid)
sgid = userinfo.pw_gid
except:
pass
try:
if slave:
path = os.getttyname(slave)
os.chown(path, suid)
except:
pass
try:
os.initgroups(userinfo.pw_name, sgid)
os.chdir(userinfo.pw_dir)
except:
pass
try:
os.setresgid(suid, suid, sgid)
os.setresuid(suid, suid, sgid)
except:
pass
os.setsid()
fcntl.ioctl(sys.stdin, termios.TIOCSCTTY, 0)
def preexec_fn():
streams = [sys.stdin]
if self.close_child_stdout:
streams.append(sys.stdout)
if self.close_child_stderr:
streams.append(sys.stderr)
self._null_streams(streams)
os.setsid()
for limit, value in self.rlimits.items():
res = getattr(resource, 'RLIMIT_%s' % limit.upper(), None)
if res is None:
raise ValueError('unknown rlimit "%s"' % limit)
# TODO(petef): support hard/soft limits
resource.setrlimit(res, (value, value))
if self.gid:
try:
os.setgid(self.gid)
except OverflowError:
if not ctypes:
raise
# versions of python < 2.6.2 don't manage unsigned int for
# groups like on osx or fedora
os.setgid(-ctypes.c_int(-self.gid).value)
os.initgroups(self.username, self.gid)
if self.uid:
os.setuid(self.uid)
def _change_effective_privileges(username=None, euid=None, egid=None):
"""
Change current process effective user and group.
"""
if username:
username_encoded = username.encode('utf-8')
try:
pwnam = pwd.getpwnam(username_encoded)
except KeyError:
raise ChangeUserException(_(u'User does not exists.'))
euid = pwnam.pw_uid
egid = pwnam.pw_gid
else:
assert euid is not None
pwnam = pwd.getpwuid(euid)
username_encoded = pwnam.pw_name
uid, gid = os.geteuid(), os.getegid()
if uid == euid and gid == egid:
return
try:
if uid != 0:
# We set root euid first to get full permissions.
os.seteuid(0)
os.setegid(0)
# Make sure to set user euid as the last action. Otherwise we will no
# longer have permissions to change egid.
os.initgroups(username_encoded, egid)
os.setegid(egid)
os.seteuid(euid)
except OSError:
raise ChangeUserException(u'Could not switch user.')
def drop_privileges(user, uid, gid):
if os.getgid() != gid:
os.setgid(gid)
os.initgroups(user, gid)
if os.getuid() != uid:
os.setuid(uid)
def prepare(suid, slave):
if suid is not None:
try:
if not type(suid) in (int, long):
userinfo = pwd.getpwnam(suid)
suid = userinfo.pw_uid
sgid = userinfo.pw_gid
else:
userinfo = pwd.getpwuid(suid)
sgid = userinfo.pw_gid
except:
pass
try:
if slave:
path = os.getttyname(slave)
os.chown(path, suid)
except:
pass
try:
os.initgroups(userinfo.pw_name, sgid)
os.chdir(userinfo.pw_dir)
except:
pass
try:
os.setresgid(suid, suid, sgid)
os.setresuid(suid, suid, sgid)
except:
pass
os.setsid()
fcntl.ioctl(sys.stdin, termios.TIOCSCTTY, 0)
def drop_privileges(passwd, group):
if os.geteuid() != 0:
logger.error("Can't drop privileges (EUID != 0)")
return
os.setgid(group.gr_gid)
os.initgroups(passwd.pw_name, group.gr_gid)
os.setuid(passwd.pw_uid)
def sync_trees(self, tree, dst, user, client):
record = pwd.getpwnam(user)
# temporarily grant access to the unpack staging area by modifying the
# group of the top-level repository directory
os.chown(self.localCopy, -1, record.pw_gid)
# we do the sync operation as the specified user; so we need to fork
# ourself again and change our user/group mode
pid = os.fork()
if pid != 0:
# synchronously wait for the child to do its work
os.wait()
os.chown(self.localCopy, -1, 0) # change back to root
return
# set effective permissions; we almost reproduce a login shell here
# because we have to load up the user's supplementary group ids
os.setegid(record.pw_gid)
os.initgroups(user, record.pw_gid)
os.seteuid(record.pw_uid)
# redirect the process's stdout (underlying os-level redirection) to the
# socket
os.dup2(client.fileno(), 1)
os.dup2(client.fileno(), 2)
os.close(client.fileno())
# exec rsync over this process to copy updated content to the
# destination; we assume that rsync is installed on the system
change_dir(self.localCopy)
if tree[len(tree) - 1] != '/':
tree += '/' # rsync requires this
os.execlp('rsync', 'rsync', '--exclude=.git/', '-rvu',
'--chmod=ugo=rwX', tree, dst)
def preexec_fn():
streams = [sys.stdin]
if self.close_child_stdout:
streams.append(sys.stdout)
if self.close_child_stderr:
streams.append(sys.stderr)
self._null_streams(streams)
os.setsid()
for limit, value in self.rlimits.items():
res = getattr(resource, 'RLIMIT_%s' % limit.upper(), None)
if res is None:
raise ValueError('unknown rlimit "%s"' % limit)
# TODO(petef): support hard/soft limits
resource.setrlimit(res, (value, value))
if self.gid:
try:
os.setgid(self.gid)
except OverflowError:
if not ctypes:
raise
# versions of python < 2.6.2 don't manage unsigned int for
# groups like on osx or fedora
os.setgid(-ctypes.c_int(-self.gid).value)
os.initgroups(self.username, self.gid)
if self.uid:
os.setuid(self.uid)
def change_process_owner(uid, gid, initgroups=False):
""" Change the owning UID, GID, and groups of this process.
:param uid: The target UID for the daemon process.
:param gid: The target GID for the daemon process.
:param initgroups: If true, initialise the supplementary
groups of the process.
:return: ``None``.
Sets the owning GID and UID of the process (in that order, to
avoid permission errors) to the specified `gid` and `uid`
values.
If `initgroups` is true, the supplementary groups of the
process are also initialised, with those corresponding to the
username for the target UID.
All these operations require appropriate OS privileges. If
permission is denied, a ``DaemonOSEnvironmentError`` is
raised.
"""
try:
username = get_username_for_uid(uid)
except KeyError:
# We don't have a username to pass to ‘os.initgroups’.
initgroups = False
try:
if initgroups:
os.initgroups(username, gid)
else:
os.setgid(gid)
os.setuid(uid)
except Exception as exc:
error = DaemonOSEnvironmentError(
"Unable to change process owner ({exc})".format(exc=exc))
raise error
def main():
# Ensure we can write to log, while we are still root
p = pathlib.Path('/var/log/cwltool.log')
p.touch()
p.chmod(0o666)
# GCP startup scripts default to running as root
# So let's change to the rapt user
p = pwd.getpwnam('rapt')
os.initgroups(p.pw_name, p.pw_gid)
os.setgid(p.pw_gid)
os.setuid(p.pw_uid)
os.chdir(p.pw_dir)
os.environ['HOME'] = p.pw_dir
os.environ['NCBI_CONFIG__GENBANK__PREOPEN'] = 'false'
# Run the pipeline
rapt = rapt_control()
if rapt.has_run():
atexit.unregister(
shutdown) # In this case, we don't want to kill the instance
print("Work products exist, exiting startup script")
sys.exit(0)
try:
rapt.setup()
rapt.run_skesa()
rapt.run_ani()
rapt.run_cwl()
except subprocess.CalledProcessError as err:
print(f"Failed Command: {err.cmd}, Returned: {err.returncode}")
print(f"Stderr: {err.stderr.decode('utf-8')}")
finally:
rapt.upload_results()
def check_user(user):
'''
Check user and assign process uid/gid.
'''
if salt.utils.is_windows():
return True
if user == getpass.getuser():
return True
import pwd # after confirming not running Windows
try:
pwuser = pwd.getpwnam(user)
try:
if hasattr(os, 'initgroups'):
os.initgroups(user, pwuser.pw_gid)
else:
os.setgroups(salt.utils.get_gid_list(user, include_default=False))
os.setgid(pwuser.pw_gid)
os.setuid(pwuser.pw_uid)
except OSError:
msg = 'Salt configured to run as user "{0}" but unable to switch.'
msg = msg.format(user)
if is_console_configured():
log.critical(msg)
else:
sys.stderr.write("CRITICAL: {0}\n".format(msg))
return False
except KeyError:
msg = 'User not found: "{0}"'.format(user)
if is_console_configured():
log.critical(msg)
else:
sys.stderr.write("CRITICAL: {0}\n".format(msg))
return False
return True
def shell(self):
self.callee = utils.User(name='nobody')
assert self.callee is not None
try:
os.chdir(self.path or self.callee.dir)
except:
pass
env = os.environ
# User has been auth with ssl or is the same user as server
# or login is explicitly turned off
if (
not tornado.options.options.unsecure and
tornado.options.options.login and not (
self.socket.local and
self.caller == self.callee and
server == self.callee
)):
# User is authed by ssl, setting groups
try:
os.initgroups(self.callee.name, self.callee.gid)
os.setgid(self.callee.gid)
os.setuid(self.callee.uid)
except:
print('The server must be run as root '
'if you want to log as different user\n')
sys.exit(1)
args = [tornado.options.options.shell or self.callee.shell]
args.append('-q')
args.append('--lf')
args.append('/dev/pts/2')
os.execvpe(args[0], args, env)
def change_process_owner(user):
""" change the process owner to the given one """
if not user.isnumeric():
try:
passwd = pwd.getpwnam(user)
except KeyError:
logerr(LOGFILE, "Error: User '%s' does not exist.\n" % user)
return 1
try:
os.initgroups(passwd.pw_name, passwd.pw_gid)
except PermissionError as err:
logerr(LOGFILE, "Error: initgroups() failed: %s\n" % str(err))
return 1
gid = passwd.pw_gid
uid = passwd.pw_uid
else:
if int(user) > 0xffffffff:
logerr(LOGFILE, "Error: uid %s outside valid range.\n" % user)
gid = int(user)
uid = int(user)
try:
os.setgid(gid)
except PermissionError as err:
logerr(LOGFILE, "Error: setgid(%d) failed: %s\n" % (gid, str(err)))
return 1
try:
os.setuid(uid)
except PermissionError as err:
logerr(LOGFILE, "Error: setuid(%d) failed: %s\n" % (uid, str(err)))
return 1
return 0
def _drop_privileges(self):
uid = pwd.getpwnam(self.config.daemon.user_name).pw_uid
gid = grp.getgrnam(self.config.daemon.group_name).gr_gid
# Restore ownership of run directory.
run_dir = self.config.daemon.run_dir
if os.path.exists(run_dir):
log.debug("Changing ownership of %s to %i:%i" %
(run_dir, uid, gid))
os.chown(run_dir, uid, gid)
# Restore ownership of log files.
for h in logging.root.handlers:
# Support only logging.FileHandler and sub-classes.
filename = getattr(h, "baseFilename", None)
if filename is not None:
log.debug("Changing ownership of %s to %i:%i" %
(filename, uid, gid))
os.chown(filename, uid, gid)
# Restore ownership of control socket is used.
transport = self.config.control.transport.lower()
if transport == "unix":
os.chown(self.config.control.socket, uid, gid)
# Set new uid and gid for the process.
log.debug("Dropping root privileges, running as %i:%i" % (uid, gid))
os.initgroups(self.config.daemon.user_name, gid)
os.setgid(gid)
os.setuid(uid)
def change_process_owner(uid, gid, initgroups=False):
""" Changes the owning uid, gid and groups of this process.
This method ensures that the daemon being created has the same uid and gid as the
process that started the daemon.
Args:
uid (int): The user id.
gid (int): The group id.
initgroups (bool) : Whether to set the supplementary groups to that of the user.
Raise:
Raises a ``DaemonError`` if the operation encounters any error.
"""
username = None
try:
username = pwd.getpwuid(uid).pw_name
except KeyError:
logger.warning("Cannot find username for %s", uid)
initgroups = False
try:
logger.debug("Setting gid for %s to %s", username, gid)
if initgroups: # pragma: no cover
os.initgroups(username, gid)
else:
os.setgid(gid)
os.setuid(uid)
except Exception as exc:
message = f"Unable to change process owner ({exc})"
logger.error(message)
raise DaemonError(message)
def setuid(self):
user = self.user
logging.info("setting username=%s uid=%d gid=%d", user.pw_name,
user.pw_uid, user.pw_gid)
os.setgid(user.pw_gid)
os.initgroups(user.pw_name, user.pw_gid)
os.setuid(user.pw_uid)
def change_process_owner(uid, gid, initgroups=False):
""" Change the owning UID, GID, and groups of this process.
:param uid: The target UID for the daemon process.
:param gid: The target GID for the daemon process.
:param initgroups: If true, initialise the supplementary
groups of the process.
:return: ``None``.
Sets the owning GID and UID of the process (in that order, to
avoid permission errors) to the specified `gid` and `uid`
values.
If `initgroups` is true, the supplementary groups of the
process are also initialised, with those corresponding to the
username for the target UID.
All these operations require appropriate OS privileges. If
permission is denied, a ``DaemonOSEnvironmentError`` is
raised.
"""
username = None
try:
username = get_username_for_uid(uid)
except KeyError:
# We don't have a username to pass to ‘os.initgroups’.
initgroups = False
try:
if username is not None and initgroups:
os.initgroups(username, gid)
else:
os.setgid(gid)
os.setuid(uid)
except Exception as exc:
error = DaemonOSEnvironmentError(
"Unable to change process owner ({exc})".format(exc=exc))
raise error
def demote_function():
user = pwd.getpwnam(username)
uid = user.pw_uid
gid = user.pw_gid
os.initgroups(username, gid)
os.setgid(gid)
os.setuid(uid)
os.setpgrp()
def dropPrivileges(uid, gid):
"""Drop privileges to uid, gid if current uid is 0
Do tests to check if dropping was successful and that no system call is able
to re-raise dropped privileges
Does nothing in case if uid and gid are not 0
"""
logger = logging.getLogger('dropPrivileges')
# XXX-Cedric: remove format / just do a print, otherwise formatting is done
# twice
current_uid, current_gid = os.getuid(), os.getgid()
if uid == 0 or gid == 0:
raise OSError('Dropping privileges to uid = %r or ' \
'gid = %r is too dangerous' % (uid, gid))
if not(current_uid == 0 and current_gid == 0):
logger.debug('Running as uid = %r, gid = %r, dropping not needed and not '
'possible' % (current_uid, current_gid))
return
# drop privileges
user_name = pwd.getpwuid(uid)[0]
group_list = set([x.gr_gid for x in grp.getgrall() if user_name in x.gr_mem])
group_list.add(gid)
os.initgroups(pwd.getpwuid(uid)[0], gid)
os.setgid(gid)
os.setuid(uid)
# assert that privileges are dropped
message_pre = 'After dropping to uid = %r and gid = %r ' \
'and group_list = %s' % (
uid, gid, group_list)
new_uid, new_gid, new_group_list = os.getuid(), os.getgid(), os.getgroups()
if not (new_uid == uid and new_gid == gid and set(new_group_list) == group_list):
raise OSError('%s new_uid = %r and new_gid = %r and ' \
'new_group_list = %r which is fatal.'
% (message_pre,
new_uid,
new_gid,
new_group_list))
# assert that it is not possible to go back to running one
try:
try:
os.setuid(current_uid)
except OSError:
try:
os.setgid(current_gid)
except OSError:
try:
os.setgroups([current_gid])
except OSError:
raise
except OSError:
pass
else:
raise ValueError('%s it was possible to go back to uid = %r and gid = '
'%r which is fatal.' % (message_pre, current_uid, current_gid))
logger.debug('Succesfully dropped privileges to uid=%r gid=%r' % (uid, gid))
def drop_privileges(self):
if os.geteuid() != 0:
return
user_name = os.getenv("SUDO_USER")
pwnam = pwd.getpwnam(user_name)
os.initgroups(user_name, pwnam.pw_gid)
os.setregid(pwnam.pw_gid, pwnam.pw_gid)
os.setreuid(pwnam.pw_uid, pwnam.pw_uid)
def drop_privileges(self):
if os.geteuid() != 0:
return
user_name = os.getenv("SUDO_USER")
pwnam = pwd.getpwnam(user_name)
os.initgroups(user_name, pwnam.pw_gid)
os.setregid(pwnam.pw_gid, pwnam.pw_gid)
os.setreuid(pwnam.pw_uid, pwnam.pw_uid)
def drop_privileges(user, uid, gid):
if platform.system() != 'Windows':
if os.getgid() != gid:
os.setgid(gid)
os.initgroups(user, gid)
if os.getuid() != uid:
os.setuid(uid)
else:
log.err("Unable to securely drop permissions on Windows")
def drop_privs(self, user):
uid = user.get_uid()
# the user's main group id
gid = pwd.getpwuid(uid).pw_gid
# initialize the user's supplemental groups and main group
os.initgroups(user.get_user_name(), gid)
os.setegid(gid)
os.seteuid(uid)
def drop_permissions_forever(uid, gid):
"""Drops escalated permissions forever to the specified user and group.
uid: The system user ID to drop to.
gid: The system group ID to drop to.
"""
logger.info('Dropping permissions for user %s.', PROCESS_USERNAME)
os.initgroups(PROCESS_USERNAME, gid)
os.setgid(gid)
os.setuid(uid)
def drop_privs(self, user):
uid = user.get_uid()
# the user's main group id
gid = pwd.getpwuid(uid).pw_gid
# initialize the user's supplemental groups and main group
os.initgroups(user.get_user_name(), gid)
os.setegid(gid)
os.seteuid(uid)
def initgroups(space, username, gid):
""" initgroups(username, gid) -> None
Call the system initgroups() to initialize the group access list with all of
the groups of which the specified username is a member, plus the specified
group id.
"""
try:
os.initgroups(username, gid)
except OSError as e:
raise wrap_oserror(space, e)
def dropPrivileges(cfg):
# Drop root privileges if we have them and we're on a posix platform.
# This needs to be a function so it may be used outside of Zope
# appserver startup (e.g. from zopectl debug)
if os.name != 'posix':
return
if os.getuid() != 0:
return
import pwd
effective_user = cfg.effective_user
if effective_user is None:
msg = ('A user was not specified to setuid to; fix this to '
'start as root (change the effective-user directive '
'in zope.conf)')
logger.critical(msg)
raise ZConfig.ConfigurationError(msg)
try:
uid = int(effective_user)
except ValueError:
try:
pwrec = pwd.getpwnam(effective_user)
except KeyError:
msg = "Can't find username %r" % effective_user
logger.error(msg)
raise ZConfig.ConfigurationError(msg)
uid = pwrec[2]
else:
try:
pwrec = pwd.getpwuid(uid)
except KeyError:
msg = "Can't find uid %r" % uid
logger.error(msg)
raise ZConfig.ConfigurationError(msg)
gid = pwrec[3]
if uid == 0:
msg = 'Cannot start Zope with the effective user as the root user'
logger.error(msg)
raise ZConfig.ConfigurationError(msg)
try:
from os import initgroups
initgroups(effective_user, gid)
os.setgid(gid)
except OSError:
logger.exception('Could not set group id of effective user')
os.setuid(uid)
logger.info('Set effective user to "%s"' % effective_user)
return 1 # for unit testing purposes
def dropPrivileges(cfg):
# Drop root privileges if we have them and we're on a posix platform.
# This needs to be a function so it may be used outside of Zope
# appserver startup (e.g. from zopectl debug)
if os.name != 'posix':
return
if os.getuid() != 0:
return
import pwd
effective_user = cfg.effective_user
if effective_user is None:
msg = ('A user was not specified to setuid to; fix this to '
'start as root (change the effective-user directive '
'in zope.conf)')
logger.critical(msg)
raise ZConfig.ConfigurationError(msg)
try:
uid = int(effective_user)
except ValueError:
try:
pwrec = pwd.getpwnam(effective_user)
except KeyError:
msg = "Can't find username %r" % effective_user
logger.error(msg)
raise ZConfig.ConfigurationError(msg)
uid = pwrec[2]
else:
try:
pwrec = pwd.getpwuid(uid)
except KeyError:
msg = "Can't find uid %r" % uid
logger.error(msg)
raise ZConfig.ConfigurationError(msg)
gid = pwrec[3]
if uid == 0:
msg = 'Cannot start Zope with the effective user as the root user'
logger.error(msg)
raise ZConfig.ConfigurationError(msg)
try:
from os import initgroups
initgroups(effective_user, gid)
os.setgid(gid)
except OSError:
logger.exception('Could not set group id of effective user')
os.setuid(uid)
logger.info('Set effective user to "%s"' % effective_user)
return 1 # for unit testing purposes
def initgroups(space, username, gid):
""" initgroups(username, gid) -> None
Call the system initgroups() to initialize the group access list with all of
the groups of which the specified username is a member, plus the specified
group id.
"""
try:
os.initgroups(username, gid)
except OSError as e:
raise wrap_oserror(space, e)
def as_user():
os.chmod(socket_file, 0777)
os.initgroups(user[u'username'], user[u'gid'])
os.setgid(user[u'gid'])
os.setuid(user[u'uid'])
os.chdir(user[u'home'])
pipe.send(taskname(*args, user=user, **kwargs))
#notify
sox = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
sox.connect(socket_file)
sox.close()
pipe.close()
def become(user):
"""Switch to another user (need to be root first)."""
u = pwd.getpwnam(user)
os.environ["LOGNAME"] = os.environ["USER"] = u.pw_name
os.environ["PWD"] = os.getcwd()
os.environ["HOME"] = u.pw_dir
os.environ["SHELL"] = u.pw_shell
os.setregid(u.pw_gid, u.pw_gid)
try:
os.initgroups(user, u.pw_gid)
except OverflowError:
pass # FIXME???
os.setreuid(u.pw_uid, u.pw_uid)
def init_user(username, groupname, **kwargs):
"""As the user."""
p = pwd.getpwnam(username)
uid, gid = p.pw_uid, p.pw_gid
homedir = p.pw_dir
os.initgroups(groupname, gid)
os.setgid(gid)
os.setuid(uid)
os.chdir(homedir)
os.environ["USER"] = username
os.environ["HOME"] = homedir
os.environ["UID"] = str(uid)
paths = [("bash_profile", ".bash_profile"), ("gitconfig", ".gitconfig"),
("vimrc", ".vimrc")]
config = kwargs["environ"].get("CONFIG", None)
if config == "Laravel":
paths.append(("README-php.md", "README.md"))
if config == "Rails":
paths.append(("README-ror.md", "README.md"))
for tpl, dest in paths:
if not os.path.exists(dest):
render(tpl, dest, username=username, groupname=groupname, **kwargs)
# link /var/www to ~/www
os.symlink(wwwdir, "www")
# Create .ssh/authorized_keys
os.mkdir(".ssh")
os.chmod(".ssh", mode=0o0700)
# Vim
os.mkdir(".vim")
os.mkdir(".vim/bundle")
# Vundle
sys.stderr.write("Running Vundle PluginInstall... be patient.\n")
shutil.copytree("/var/Vundle.vim", ".vim/bundle/Vundle.vim")
subprocess.check_call(["vim", "+PluginInstall!", "+qall!"],
stderr=subprocess.PIPE,
stdout=subprocess.PIPE)
# Laravel installer
if kwargs["environ"]["CONFIG"] == "Laravel":
sys.stderr.write("Running composer global require laravel/installer\n")
subprocess.check_call(
["composer", "global", "require", "laravel/installer=~1.3"],
stderr=sys.stderr,
stdout=sys.stdout)
def drop_privileges(uid_name='nobody', gid_name='nogroup'):
if os.getuid() != 0:
# We're not root, we are going to need that to continue.
return
# Get the uid/gid from the name
running_uid = pwd.getpwnam(uid_name).pw_uid
running_gid = grp.getgrnam(gid_name).gr_gid
# Reset group access list
os.initgroups(uid_name, running_gid)
# Try setting the new uid/gid
os.setgid(running_gid)
os.setuid(running_uid)
# Ensure a very conservative umask
old_umask = os.umask(077)
def init_group(groupname, **kwargs):
"""As the user representing the group."""
p = pwd.getpwnam(groupname)
uid, gid = p.pw_uid, p.pw_gid
homedir = p.pw_dir
os.initgroups(groupname, gid)
os.setgid(gid)
os.setuid(uid)
os.chdir(homedir)
config = kwargs["environ"].get("CONFIG", None)
paths = []
dirs = ["config", "logs"]
if config == "Laravel":
dirs.append("public")
paths = (("index.php", "public/index.php"), ("nginx-php.conf",
"config/nginx.conf"))
if config == "Rails":
dirs.append("app/public")
dirs.append(kwargs["environ"]["GEM_HOME"])
paths = (("nginx-ror.conf", "config/nginx.conf"),
("puma.rb", "config/puma.rb"), ("Gemfile", "app/Gemfile"),
("Gemfile.lock", "app/Gemfile.lock"), ("config.ru",
"app/config.ru"))
for p in dirs:
if not os.path.exists(p):
os.makedirs(p)
for tpl, dest in paths:
if not os.path.exists(dest):
render(tpl, dest, groupname=groupname, **kwargs)
if config == "Rails":
shutil.copy2("/var/templates/nginx-puma.png", "app/public")
sys.stderr.write("Running rails installation.\n")
subprocess.check_call(
["gem", "install", "bundler", "rack", "rails", "rake", "puma"],
env=kwargs["environ"],
stderr=sys.stderr,
stdout=sys.stderr)
return homedir, uid, gid
def init_postgres(password):
p = pwd.getpwnam('postgres')
uid, gid = p.pw_uid, p.pw_gid
homedir = p.pw_dir
os.initgroups('postgres', gid)
os.setgid(gid)
os.setuid(uid)
os.chdir(homedir)
subprocess.check_call([
'psql', '-c',
"ALTER USER postgres WITH PASSWORD '{}';".format(password)
])
def drop_privileges(self):
""" Check and potentially drop privileges. """
if os.getuid() != 0:
return
if not self.user:
logger.warning('Peekaboo should not run as root. Please '
'configure a user to run as.')
sys.exit(1)
# drop privileges to user
try:
userdata = pwd.getpwnam(self.user)
except KeyError as notfound:
logger.critical('Error looking up daemon user: %s', notfound)
sys.exit(1)
uid = userdata[2]
gid = userdata[3]
userhome = userdata[5]
gid_log = ''
if self.group:
try:
gid = grp.getgrnam(self.group)[2]
except KeyError as notfound:
logger.critical('Error looking up daemon group: %s', notfound)
sys.exit(1)
gid_log = ' and group %s' % self.group
os.initgroups(self.user, gid)
os.setgid(gid)
os.setuid(uid)
grouplist = []
for gid in os.getgroups():
groupdata = grp.getgrgid(gid)
grouplist.append('%s(%d)' % (groupdata[0], groupdata[2]))
logger.info('After dropping privileges to user %s%s now running as '
'user %s(%d) with primary group %s(%d) and supplementary '
'groups %s', self.user, gid_log,
pwd.getpwuid(os.getuid())[0], os.getuid(),
grp.getgrgid(os.getgid())[0], os.getgid(),
', '.join(grouplist))
# set $HOME to the users home directory
# (VirtualBox must access the configs)
os.environ['HOME'] = userhome
logger.debug('$HOME is %s', os.environ['HOME'])
def procowner(self):
user = self.conf.user
group = self.conf.group
if os.geteuid() == 0: #root
try:
gr = grp.getgrnam(group)
os.setgid(gr.gr_gid)
os.initgroups(user, gr.gr_gid)
pw = pwd.getpwnam(user)
os.setuid(pw.pw_uid)
except:
self.log.logError("Pyproc", "set uid or gid failed: %s",
traceback.format_exc())
sys.exit(1)
def check_user(user):
"""
Check user and assign process uid/gid.
"""
if salt.utils.platform.is_windows():
return True
if user == salt.utils.user.get_user():
return True
import pwd # after confirming not running Windows
try:
pwuser = pwd.getpwnam(user)
try:
if hasattr(os, "initgroups"):
os.initgroups(user, pwuser.pw_gid) # pylint: disable=minimum-python-version
else:
os.setgroups(
salt.utils.user.get_gid_list(user, include_default=False))
os.setgid(pwuser.pw_gid)
os.setuid(pwuser.pw_uid)
# We could just reset the whole environment but let's just override
# the variables we can get from pwuser
if "HOME" in os.environ:
os.environ["HOME"] = pwuser.pw_dir
if "SHELL" in os.environ:
os.environ["SHELL"] = pwuser.pw_shell
for envvar in ("USER", "LOGNAME"):
if envvar in os.environ:
os.environ[envvar] = pwuser.pw_name
except OSError:
msg = 'Salt configured to run as user "{0}" but unable to switch.'
msg = msg.format(user)
if is_console_configured():
log.critical(msg)
else:
sys.stderr.write("CRITICAL: {0}\n".format(msg))
return False
except KeyError:
msg = 'User not found: "{0}"'.format(user)
if is_console_configured():
log.critical(msg)
else:
sys.stderr.write("CRITICAL: {0}\n".format(msg))
return False
return True
def change_user(user):
try:
user = getpwnam(user)
uid = user.pw_uid
gid = user.pw_gid
except KeyError:
abort('Unknown user {user}'.format(user=user))
try:
os.setgid(gid)
os.initgroups(user.pw_name, gid)
os.setuid(uid)
except OSError as e:
abort('Could not change owner to user {user}: {error}'.format(
user=user, error=e))
def preexec():
streams = [sys.stdin]
if not self.out:
streams.append(sys.stdout)
if not self.err:
streams.append(sys.stderr)
for stream in streams:
if hasattr(stream, 'fileno'):
try:
stream.flush()
devnull = os.open(os.devnull, os.O_RDWR)
# noinspection PyTypeChecker
os.dup2(devnull, stream.fileno())
# noinspection PyTypeChecker
os.close(devnull)
except IOError:
# some streams, like stdin - might be already closed.
pass
# noinspection PyArgumentList
os.setsid()
if resource:
for limit, value in self.rlimits.items():
resource.setrlimit(limit, (value, value))
if self.gid:
try:
# noinspection PyTypeChecker
os.setgid(self.gid)
except OverflowError:
if not ctypes:
raise
# versions of python < 2.6.2 don't manage unsigned int for
# groups like on osx or fedora
os.setgid(-ctypes.c_int(-self.gid).value)
if self.username is not None:
try:
# noinspection PyTypeChecker
os.initgroups(self.username, self.gid)
except (OSError, AttributeError):
# not support on Mac or 2.6
pass
if self.uid:
# noinspection PyTypeChecker
os.setuid(self.uid)
def preexec():
streams = [sys.stdin]
if not self.out:
streams.append(sys.stdout)
if not self.err:
streams.append(sys.stderr)
for stream in streams:
if hasattr(stream, 'fileno'):
try:
stream.flush()
devnull = os.open(os.devnull, os.O_RDWR)
# noinspection PyTypeChecker
os.dup2(devnull, stream.fileno())
# noinspection PyTypeChecker
os.close(devnull)
except IOError:
# some streams, like stdin - might be already closed.
pass
# noinspection PyArgumentList
os.setsid()
if resource:
for limit, value in self.rlimits.items():
resource.setrlimit(limit, (value, value))
if self.gid:
try:
# noinspection PyTypeChecker
os.setgid(self.gid)
except OverflowError:
if not ctypes:
raise
# versions of python < 2.6.2 don't manage unsigned int for
# groups like on osx or fedora
os.setgid(-ctypes.c_int(-self.gid).value)
if self.username is not None:
try:
# noinspection PyTypeChecker
os.initgroups(self.username, self.gid)
except (OSError, AttributeError):
# not support on Mac or 2.6
pass
if self.uid:
# noinspection PyTypeChecker
os.setuid(self.uid)
def initgroups(uid, gid):
if grp and pwd:
username = pwd.getpwuid(uid)[0]
if hasattr(os, "initgroups"): # Python 2.7+
return os.initgroups(username, gid)
groups = [gr.gr_gid for gr in grp.getgrall() if username in gr.gr_mem]
setgroups(groups)
def initgroups(uid, gid):
if grp and pwd:
username = pwd.getpwuid(uid)[0]
if hasattr(os, "initgroups"): # Python 2.7+
return os.initgroups(username, gid)
groups = [gr.gr_gid for gr in grp.getgrall() if username in gr.gr_mem]
setgroups(groups)
def check_user(user):
'''
Check user and assign process uid/gid.
'''
if salt.utils.is_windows():
return True
if user == salt.utils.get_user():
return True
import pwd # after confirming not running Windows
try:
pwuser = pwd.getpwnam(user)
try:
if hasattr(os, 'initgroups'):
os.initgroups(user, pwuser.pw_gid) # pylint: disable=minimum-python-version
else:
os.setgroups(salt.utils.get_gid_list(user, include_default=False))
os.setgid(pwuser.pw_gid)
os.setuid(pwuser.pw_uid)
# We could just reset the whole environment but let's just override
# the variables we can get from pwuser
if 'HOME' in os.environ:
os.environ['HOME'] = pwuser.pw_dir
if 'SHELL' in os.environ:
os.environ['SHELL'] = pwuser.pw_shell
for envvar in ('USER', 'LOGNAME'):
if envvar in os.environ:
os.environ[envvar] = pwuser.pw_name
except OSError:
msg = 'Salt configured to run as user "{0}" but unable to switch.'
msg = msg.format(user)
if is_console_configured():
log.critical(msg)
else:
sys.stderr.write("CRITICAL: {0}\n".format(msg))
return False
except KeyError:
msg = 'User not found: "{0}"'.format(user)
if is_console_configured():
log.critical(msg)
else:
sys.stderr.write("CRITICAL: {0}\n".format(msg))
return False
return True
def _ReExecuteIfNeeded(argv, network):
"""Re-execute as root so we can unshare resources."""
if os.geteuid() != 0:
cmd = ['sudo', '-E', 'HOME=%s' % os.environ['HOME'],
'PATH=%s' % os.environ['PATH'], '--'] + argv
os.execvp(cmd[0], cmd)
else:
cgroups.Cgroup.InitSystem()
namespaces.SimpleUnshare(net=not network, pid=True)
# We got our namespaces, so switch back to the user to run the tests.
gid = int(os.environ.pop('SUDO_GID'))
uid = int(os.environ.pop('SUDO_UID'))
user = os.environ.pop('SUDO_USER')
os.initgroups(user, gid)
os.setresgid(gid, gid, gid)
os.setresuid(uid, uid, uid)
os.environ['USER'] = user
def initgroups(uid, gid):
if not pwd: # pragma: no cover
return
username = pwd.getpwuid(uid)[0]
if hasattr(os, 'initgroups'): # Python 2.7+
return os.initgroups(username, gid)
groups = [gr.gr_gid for gr in grp.getgrall()
if username in gr.gr_mem]
setgroups(groups)
def change_user(username="******"): # pragma: no cover
# Ne pas remonter les deux imports suivants, nécessaires pour les tests
# unitaires (mock)
# pylint: disable-msg=W0621,W0404
import os, pwd
uid = os.getuid()
# Vigiconf est lancé en tant que "root",
# on bascule sur un compte utilisateur
# plus approprié (vigiconf).
if not uid:
LOGGER.warning(_("VigiConf was launched as user 'root'. "
"Switching to user '%s' instead."), username)
try:
entry = pwd.getpwnam(username)
except KeyError:
LOGGER.error(_("Unable to switch to user '%s'. Aborting."),
username)
sys.exit(2)
# On remplace les UID/GID réels et effectifs
# par ceux de l'utilisateur 'vigiconf', ainsi que les variables
# d'environnements nécessaires.
os.setregid(entry.pw_gid, entry.pw_gid)
# Permet de charger les groupes supplémentaires
# associés à l'utilisateur "vigiconf".
if hasattr(os, "initgroups"):
os.initgroups(username, entry.pw_gid) #pylint: disable-msg=E1103
else:
import initgroups
initgroups.initgroups(username, entry.pw_gid)
os.setreuid(entry.pw_uid, entry.pw_uid)
os.environ["LOGNAME"] = entry.pw_name
os.environ["USER"] = entry.pw_name
os.environ["USERNAME"] = entry.pw_name
os.environ["HOME"] = entry.pw_dir
os.environ["SHELL"] = entry.pw_shell
if pwd.getpwuid(os.getuid()).pw_name != username:
LOGGER.error(_("VigiConf was not launched as user '%s'. "
"Aborting."), username)
sys.exit(2)
def initgroups(uid, gid):
"""Compat version of :func:`os.initgroups` which was first
added to Python 2.7."""
if not pwd: # pragma: no cover
return
username = pwd.getpwuid(uid)[0]
if hasattr(os, "initgroups"): # Python 2.7+
return os.initgroups(username, gid)
groups = [gr.gr_gid for gr in grp.getgrall() if username in gr.gr_mem]
setgroups(groups)
def change_user_group(self, user, group):
if not user and not group:
return
import pwd
import grp
uid = gid = None
if group:
try:
gid = int(group)
group = grp.getgrgid(gid).gr_name
except ValueError:
import grp
try:
entry = grp.getgrnam(group)
except KeyError:
raise BadCommand(
"Bad group: %r; no such group exists" % group)
gid = entry.gr_gid
try:
uid = int(user)
user = pwd.getpwuid(uid).pw_name
except ValueError:
try:
entry = pwd.getpwnam(user)
except KeyError:
raise BadCommand(
"Bad username: %r; no such user exists" % user)
if not gid:
gid = entry.pw_gid
uid = entry.pw_uid
if self.verbose > 0:
print('Changing user to %s:%s (%s:%s)' % (
user, group or '(unknown)', uid, gid))
if hasattr(os, 'initgroups'):
os.initgroups(user, gid)
else:
os.setgroups([e.gr_gid for e in grp.getgrall()
if user in e.gr_mem] + [gid])
if gid:
os.setgid(gid)
if uid:
os.setuid(uid)
def setugid(user):
"""Change process user and group ID
Argument is a numeric user id or a user name"""
try:
from pwd import getpwuid
passwd = getpwuid(int(user))
except ValueError:
from pwd import getpwnam
passwd = getpwnam(user)
if hasattr(os, 'initgroups'): # python >= 2.7
os.initgroups(passwd.pw_name, passwd.pw_gid)
else:
import ctypes
if ctypes.CDLL(None).initgroups(passwd.pw_name, passwd.pw_gid) < 0:
err = ctypes.c_int.in_dll(ctypes.pythonapi,"errno").value
raise OSError(err, os.strerror(err), 'initgroups')
os.setgid(passwd.pw_gid)
os.setuid(passwd.pw_uid)
def dropped_privileges(passwd: pwd.struct_passwd):
"""
Context manager for temporarily switching real and effective UID and real
and effective GID.
"""
logger.debug("Dropping privileges temporary to user %s", passwd.pw_name)
# To handle multiple users with the same UID correctly, we obtain the
# current user name with getpass
saved_user = getpass.getuser()
saved_uid = os.geteuid()
saved_gid = os.getegid()
os.initgroups(passwd.pw_name, passwd.pw_gid)
os.setresuid(passwd.pw_uid, passwd.pw_uid, saved_uid)
try:
yield
finally:
os.seteuid(saved_uid)
os.setreuid(saved_uid, saved_uid)
os.setregid(saved_gid, saved_gid)
os.initgroups(saved_user, saved_gid)
logger.debug("Restoring previous privileges as user %s", saved_user)
def set_owner_process(uid, gid, initgroups=False):
""" set user and group of workers processes """
if gid:
if uid:
try:
username = get_username(uid)
except KeyError:
initgroups = False
# versions of python < 2.6.2 don't manage unsigned int for
# groups like on osx or fedora
gid = abs(gid) & 0x7FFFFFFF
if initgroups:
os.initgroups(username, gid)
else:
os.setgid(gid)
if uid:
os.setuid(uid)
def init_user(username, groupname, **kwargs):
"""As the user."""
p = pwd.getpwnam(username)
uid, gid = p.pw_uid, p.pw_gid
homedir = p.pw_dir
os.initgroups(groupname, gid)
os.setgid(gid)
os.setuid(uid)
os.chdir(homedir)
os.environ["USER"] = username
os.environ["HOME"] = homedir
os.environ["UID"] = str(uid)
paths = [("base/bash_profile", ".bash_profile"),
("base/gitconfig", ".gitconfig"), ("base/pgpass", ".pgpass")]
config = kwargs["environ"].get("CONFIG", None)
if config == "Laravel":
paths.append(("laravel/README-php.md", "README.md"))
elif config == "Rails":
paths.append(("rails/README.md", "README.md"))
elif config == "Python":
paths.append(("python/README.md", "README.md"))
else:
paths.append(("base/README.md", "README.md"))
for tpl, dest in paths:
if not os.path.exists(dest):
render(tpl, dest, username=username, groupname=groupname, **kwargs)
# Chmod the postgres configuration
os.chmod(".pgpass", mode=0o0600)
# link /var/www to ~/www
os.symlink(wwwdir, "www")
# Create .ssh/authorized_keys
os.mkdir(".ssh")
os.chmod(".ssh", mode=0o0700)
def check_user(user):
"""
Check user and assign process uid/gid.
"""
if "os" in os.environ:
if os.environ["os"].startswith("Windows"):
return True
if user == getpass.getuser():
return True
import pwd # after confirming not running Windows
import grp
try:
pwuser = pwd.getpwnam(user)
try:
if hasattr(os, "initgroups"):
os.initgroups(user, pwuser.pw_gid)
else:
os.setgroups([e.gr_gid for e in grp.getgrall() if user in e.gr_mem] + [pwuser.pw_gid])
os.setgid(pwuser.pw_gid)
os.setuid(pwuser.pw_uid)
except OSError:
msg = 'Salt configured to run as user "{0}" but unable to switch.'
msg = msg.format(user)
if is_console_configured():
log.critical(msg)
else:
sys.stderr.write("CRITICAL: {0}\n".format(msg))
return False
except KeyError:
msg = 'User not found: "{0}"'.format(user)
if is_console_configured():
log.critical(msg)
else:
sys.stderr.write("CRITICAL: {0}\n".format(msg))
return False
return True
def initgroups(uid, gid):
"""Init process group permissions.
Compat version of :func:`os.initgroups` that was first
added to Python 2.7.
"""
if not pwd: # pragma: no cover
return
username = pwd.getpwuid(uid)[0]
if hasattr(os, 'initgroups'): # Python 2.7+
return os.initgroups(username, gid)
groups = [gr.gr_gid for gr in grp.getgrall()
if username in gr.gr_mem]
setgroups(groups)
