permission problem with os.setuid

Michele Simionato

I have a script that sometimes is run by myself (user id 501) and sometimes
by the mailer program as nobody/nogroup (userid 65534). I would like to change
the effective uid to 501 in any case, to get the right permissions, but
os.setuid and os.seteuid give me a OSError No. 1. Is there a way to get what I
want? My requirement is that the script should work indipendently from the
mailer program, i.e I would like to avoid configuring the mailer program by
hand. I am working on linux with postfix on Mandrake and exim4 on Debian.
Any suggestion?

Michele Simionato

Jul 18 '05 #1

Benjamin Niemann

Michele Simionato wrote:
[color=blue]
> I have a script that sometimes is run by myself (user id 501) and sometimes
> by the mailer program as nobody/nogroup (userid 65534). I would like to change
> the effective uid to 501 in any case, to get the right permissions, but
> os.setuid and os.seteuid give me a OSError No. 1. Is there a way to get what I
> want? My requirement is that the script should work indipendently from the
> mailer program, i.e I would like to avoid configuring the mailer program by
> hand. I am working on linux with postfix on Mandrake and exim4 on Debian.
> Any suggestion?[/color]
Once a process is running as nobody (or any other non-root user account), you
cannot simple change the uid - that's a (very important) feature not a bug! To
change the uid you have to be root first, 'sudo' may help you - though I don't
know about the details how this works...
Possible pseudocode (and by pseudo I mean pseudo ;)

if os.getuid() == 0: # I'm root
os.setuid(501)
elif os.getuid() != 501:
os.exec*("sudo", "myscript.py") # script is restarted, now as root

assert os.getuid() == 501

Jul 18 '05 #2

Michele Simionato

Benjamin Niemann <b.niemann@betternet.de> wrote in message news:<cieb24$d6s$1@online.de>...[color=blue]
> Once a process is running as nobody (or any other non-root user account), you
> cannot simple change the uid - that's a (very important) feature not a bug! To
> change the uid you have to be root first, 'sudo' may help you - though I don't
> know about the details how this works...
> Possible pseudocode (and by pseudo I mean pseudo ;)
>
> if os.getuid() == 0: # I'm root
> os.setuid(501)
> elif os.getuid() != 501:
> os.exec*("sudo", "myscript.py") # script is restarted, now as root
>
> assert os.getuid() == 501[/color]

Uhm ... I wanted somewhat to avoid "sudo". Anyway, at the end I have decided
to change the design so that the script is always run as nobody.
This solves as well other issues and I am happy with it.


Michele Simionato

Jul 18 '05 #3

Benjamin Niemann

Michele Simionato wrote:[color=blue]
> Benjamin Niemann <b.niemann@betternet.de> wrote in message news:<cieb24$d6s$1@online.de>...
>[color=green]
>>Once a process is running as nobody (or any other non-root user account), you
>>cannot simple change the uid - that's a (very important) feature not a bug! To
>>change the uid you have to be root first, 'sudo' may help you - though I don't
>>know about the details how this works...
>>Possible pseudocode (and by pseudo I mean pseudo ;)
>>
>>if os.getuid() == 0: # I'm root
>> os.setuid(501)
>>elif os.getuid() != 501:
>> os.exec*("sudo", "myscript.py") # script is restarted, now as root
>>
>>assert os.getuid() == 501[/color]
>
>
> Uhm ... I wanted somewhat to avoid "sudo". Anyway, at the end I have decided
> to change the design so that the script is always run as nobody.
> This solves as well other issues and I am happy with it.[/color]
....and is the best solution. As long as it doesn't need more rights than
'no'body, there's no point in running it as 'some'body.

Jul 18 '05 #4