I have a script that sometimes is run by myself (user id 501) and sometimes
by the mailer program as nobody/nogroup (userid 65534). I would like to change
the effective uid to 501 in any case, to get the right permissions, but
os.setuid and os.seteuid give me a OSError No. 1. Is there a way to get what I
want? My requirement is that the script should work indipendently from the
mailer program, i.e I would like to avoid configuring the mailer program by
hand. I am working on linux with postfix on Mandrake and exim4 on Debian.
Any suggestion?
Michele Simionato
3  8381 
Michele Simionato wrote: I have a script that sometimes is run by myself (user id 501) and sometimes
by the mailer program as nobody/nogroup (userid 65534). I would like to change
the effective uid to 501 in any case, to get the right permissions, but
os.setuid and os.seteuid give me a OSError No. 1. Is there a way to get what I
want? My requirement is that the script should work indipendently from the
mailer program, i.e I would like to avoid configuring the mailer program by
hand. I am working on linux with postfix on Mandrake and exim4 on Debian.
Any suggestion?
Once a process is running as nobody (or any other non-root user account), you
cannot simple change the uid - that's a (very important) feature not a bug! To
change the uid you have to be root first, 'sudo' may help you - though I don't
know about the details how this works...
Possible pseudocode (and by pseudo I mean pseudo ;)
if os.getuid() == 0: # I'm root
os.setuid(501)
elif os.getuid() != 501:
os.exec*("sudo" , "myscript.p y") # script is restarted, now as root
assert os.getuid() == 501
Benjamin Niemann <b.*******@bett ernet.de> wrote in message news:<ci******* ***@online.de>. .. Once a process is running as nobody (or any other non-root user account), you
cannot simple change the uid - that's a (very important) feature not a bug! To
change the uid you have to be root first, 'sudo' may help you - though I don't
know about the details how this works...
Possible pseudocode (and by pseudo I mean pseudo ;)
if os.getuid() == 0: # I'm root
os.setuid(501)
elif os.getuid() != 501:
os.exec*("sudo" , "myscript.p y") # script is restarted, now as root
assert os.getuid() == 501
Uhm ... I wanted somewhat to avoid "sudo". Anyway, at the end I have decided
to change the design so that the script is always run as nobody.
This solves as well other issues and I am happy with it.
Michele Simionato
Michele Simionato wrote: Benjamin Niemann <b.*******@bett ernet.de> wrote in message news:<ci******* ***@online.de>. ..
Once a process is running as nobody (or any other non-root user account), you
cannot simple change the uid - that's a (very important) feature not a bug! To
change the uid you have to be root first, 'sudo' may help you - though I don't
know about the details how this works...
Possible pseudocode (and by pseudo I mean pseudo ;)
if os.getuid() == 0: # I'm root
os.setuid(501)
elif os.getuid() != 501:
os.exec*("sudo" , "myscript.p y") # script is restarted, now as root
assert os.getuid() == 501
Uhm ... I wanted somewhat to avoid "sudo". Anyway, at the end I have decided
to change the design so that the script is always run as nobody.
This solves as well other issues and I am happy with it.
....and is the best solution. As long as it doesn't need more rights than
'no'body, there's no point in running it as 'some'body. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Tim Daneliuk |
last post by:
Given that setuid is a Bad Thing for scripts, what is the general consensus
here on running a Python script via 'sudo' to give it root system access?
Is this reasonably secure, or am I still asking for trouble?
TIA,
--
----------------------------------------------------------------------------
Tim Daneliuk tundra@tundraware.com
PGP...
|
by: Jean-Paul Lauque |
last post by:
Hello,
With my script ASP, I display list of folders and files in a directory.
My problem is :
when the directory is protected, I have a message an error page with
"permission denied" message
when my ASP script try to read its content.
|
by: Mark |
last post by:
I am new to C# and still learning…so for you pros out there, I’m sure this is
a piece of cake.
Using Windows 2000 Server ( .NET Framework 1.1 )
#1. I need to (uncheck) not allow inheritable permissions from a parent to
propagate to this object & copy previously inherited permission to this
object.
#2. Add a user from Active Directory...
|
by: Andrew |
last post by:
I spent tons of time searching the web for how to use .NET 2.0 and C# to
modify Registry key security. After finally finding an example, and once I
knew the function names a few other small examples.. I can still find
nothing that demonstrates how to take ownership of a Registry key if one
has (potentially) *only* "write owner"
The problem,...
|
by: Samuel Shum |
last post by:
Hello, I'm just wondering how I could set files and folders permission with
VB.NET? I find there is a class "system.security.permissions" which seems to
do the job but the samples are pretty complicated. Could anyone please show
me some codes of how to achieve the following results?
Folder: D:\Examples\UserA (Admin, System: Full Access,...
| | |
by: junis |
last post by:
Dear All,
if i want to change permission in Ms Access, i just follow this step
1. click "Tool" -> "Security" -> "User Group Permissions"
2. I choose User in Box User/Group Name then select listbox "Object Name"
3. then i check Permission that i want
4. click ok
5. done
but sometimes .. i need change user/groups at runtime (in another...
|
by: Stu |
last post by:
Is there anyway to tell if a setuid() call has been made to some other
user?
If so, can somebody provide me with some sample code
Thanks in advance to all that answer
|
by: david.didonato |
last post by:
hi
i would like to add a user and set file permission to a file with ASP.
(No component). is that possible ?
do you have a link ? an example ?
thanks david
|
by: dolittle |
last post by:
Hi,
I`m trying to read the href property of an iframe with a javascript that running in the main frame. When the main frame and the inner iframe are both from the same domain I can read it with:
frames.location.href
but when the inner frame is served from a different domain I run into cross domain permission issues.
Can I use proxy on...
|
by: =?Utf-8?B?UGFzY2FsIEQ=?= |
last post by:
Hi,
we have Windows Small Businiss Server 2003 and Exchange 2003 with the latest
service pack.
We can log on OWA no problem, all is ok except some email cannot be display.
I dont have URLscan install.
I have disble firewall , antivirus , tryed on many station same proble .
Even with a Blackberry , the problem remain , i dont even receive...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
| | |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it. ...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| | |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...
| |
