On Feb 16, 8:40 pm, GSO <gso...@yahoo.co.uk> wrote:
> Apols for being a nuisance. I'm normally if anything a web programmer.
>
> It looks like there are set-id functions in the os module. Further I
> don't actually need root privileges, just write access to a directory
> that a user ordinarily does not have write access to (and preferably
> not read).

So give them that instead, preferably via ACL. Reliably denying read access may be difficult, however. Chances are pretty good that any solution you create won't be any more secure than this, though.

> So a call to os.setegid(egid) with a group created for the
> program's use alone would do this then. (Unless this is bad technique
> security wise otherwise, as a uid 0 seteuid call would be considered;
> but surely what I am thinking of doing is not a security risk.)

Except in order to do this you need to be root, of course, or make the users members of that group anyway (in which case, just use the damn ACL).

Adam
--
http://mail.python.org/mailman/listinfo/python-list
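
An added example, not part of the original thread: a Python check that a directory's permission bits match the setup discussed above (a dedicated group may create files but not list them, and nobody else gets in). The function name `audit_drop_dir` and the `0o730` mode are assumptions for illustration, and the check reads classic mode bits only, not ACL entries.

```python
import os
import stat
import tempfile


def audit_drop_dir(path, expected_gid):
    """Return a list of findings for a group-writable, non-listable directory.

    Only the classic owner/group/other mode bits are inspected;
    POSIX ACL entries are not read by this check.
    """
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory"]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if st.st_gid != expected_gid:
        findings.append("group owner is %d, expected %d" % (st.st_gid, expected_gid))
    # Creating a file needs write AND search (execute) permission on the directory.
    need = stat.S_IWGRP | stat.S_IXGRP
    if mode & need != need:
        findings.append("group cannot create files (needs w+x)")
    # Without the read bit the group cannot list names, but anyone who
    # knows or guesses a file name can still reach it through the x bit.
    if mode & stat.S_IRGRP:
        findings.append("group can list directory contents (r set)")
    if mode & stat.S_IRWXO:
        findings.append("others have access (mode %03o)" % (mode & stat.S_IRWXO))
    return findings


def demo():
    """Audit a constructed temp directory under a tight and a loose mode."""
    with tempfile.TemporaryDirectory() as root:
        d = os.path.join(root, "spool")
        os.mkdir(d)
        gid = os.stat(d).st_gid  # stand-in for the program's dedicated group
        os.chmod(d, 0o730)       # owner rwx, group -wx, others none
        tight = audit_drop_dir(d, gid)
        os.chmod(d, 0o777)       # everyone can read, write and traverse
        loose = audit_drop_dir(d, gid)
        wrong_group = audit_drop_dir(d, gid + 1)
    return tight, loose, wrong_group


if __name__ == "__main__":
    for label, result in zip(("0o730", "0o777", "0o777, wrong gid"), demo()):
        print(label, result)
```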