On Sunday, March 25, 2012 6:22:10 PM UTC-6, Ben Finney wrote:
> jeff writes:
>
> > On Sunday, March 25, 2012 4:04:55 PM UTC-6, Heiko Wundram wrote:
> > > On 25.03.2012 23:32, jeff wrote:
> > > > but I have to be able to get back to root privilege so I can't use
> > > > setgid and setuid.
> > >
> > > Simply not possible (i.e., you can't drop root privileges, be it by
> > > setuid()/setgid() or removing yourself from groups with setgroups()),
> > > and later reacquire them _in the same process_. See the discussion of
> > > how to implement privilege separation at
> > >
> > > http://www.citi.umich.edu/u/provos/ssh/privsep.html
> >
> > os.system("su -m <unprivileged_user> -c '<command string>'")
> >
> > seems to do the trick.
>
> Yes, because ‘os.system’ explicitly starts a new process.
>
> It can't be done in the same process, as Heiko correctly said.
>
> --
> \ “Faith, n. Belief without evidence in what is told by one who |
> `\ speaks without knowledge, of things without parallel.” —Ambrose |
> _o__) Bierce, _The Devil's Dictionary_, 1906 |
> Ben Finney

I didn't ask how to do it in the same process, but thanks to both of you for that information. By the way, are you guys aware of seteuid and setegid?
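
Added example, not part of the original thread: a Python sketch of the pattern the thread converges on, where a child process drops privileges permanently and the parent keeps its own IDs. It assumes Linux (for `os.setresuid`/`os.getresuid`); the function names and the `nobody` ID 65534 are illustrative choices.

```python
import os
import subprocess
import sys


def drop_privileges(uid, gid):
    """Irreversibly switch the calling process to uid/gid."""
    if os.geteuid() == 0:
        os.setgroups([])             # shed root's supplementary groups
    os.setresgid(gid, gid, gid)      # groups first: needs the privilege we drop next
    # seteuid(uid) alone would leave the saved uid at 0, so any code in the
    # process could call seteuid(0) again. setresuid replaces all three IDs.
    os.setresuid(uid, uid, uid)
    if uid != 0:
        try:
            os.setuid(0)             # must fail once the saved uid is gone
        except PermissionError:
            return
        raise RuntimeError("privilege drop did not stick")


def run_dropped(argv, uid, gid):
    """Run argv in a child that drops privileges; the parent is untouched."""
    return subprocess.run(
        argv,
        preexec_fn=lambda: drop_privileges(uid, gid),  # runs in the child, after fork
        capture_output=True, text=True, check=True,
    )


def child_ids(uid, gid):
    """Return the child's (real, effective, saved) uid after the drop."""
    probe = [sys.executable, "-c", "import os; print(*os.getresuid())"]
    out = run_dropped(probe, uid, gid).stdout
    return tuple(int(x) for x in out.split())


if __name__ == "__main__":
    # Assumed target: "nobody" (65534) when started as root, else the current user.
    root = os.geteuid() == 0
    uid, gid = (65534, 65534) if root else (os.getuid(), os.getgid())
    print("parent euid before:", os.geteuid())
    print("child (ruid, euid, suid):", child_ids(uid, gid))
    print("parent euid after: ", os.geteuid())
```

Passing an argument list instead of a shell string also avoids the quoting problems of building a `su -c '<command string>'` line from variable input.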