473,231 Members | 1,690 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,231 software developers and data experts.

Impersonate another user temporarily (Unix and Windows)

Hi there. I'm writing a modification for a FTP server library I'm
maintaining.
Depending on the system I'd want to temporarily impersonate the logged
user to perform actions on filesystem.
Something like:

try:
change_user('user', 'password')
os.rmdir('dir')
except:
print "some error"
finally:
change_user('old_user', 'password')

On Unix I took at look at os.seteuid() and os.setegid() functions and
I noticed they could be useful for my purpose.
On Windows I have no idea about how could I emulate a similar
behaviour.
Could someone please point me in the right direction?
Thanks in advance

Aug 22 '07 #1
6 4363
billiejoex wrote:
Hi there. I'm writing a modification for a FTP server library I'm
maintaining.
Depending on the system I'd want to temporarily impersonate the logged
user to perform actions on filesystem.
Something like:

try:
change_user('user', 'password')
os.rmdir('dir')
except:
print "some error"
finally:
change_user('old_user', 'password')

On Unix I took at look at os.seteuid() and os.setegid() functions and
I noticed they could be useful for my purpose.
On Windows I have no idea about how could I emulate a similar
behaviour.
Could someone please point me in the right direction?
(Warning: not tried, but at least gives you the things to Google for!)

You need the win32security module from the pywin32 extensions. [1]
In particular, you want to look at the LogonUser and
ImpersonateLoggedOnUser functions.

TJG

[1] http://pywin32.sf.net
Aug 23 '07 #2
On 23 Ago, 10:38, Tim Golden <m...@timgolden.me.ukwrote:
billiejoex wrote:
Hi there. I'm writing a modification for a FTP server library I'm
maintaining.
Depending on the system I'd want to temporarily impersonate the logged
user to perform actions on filesystem.
Something like:
try:
change_user('user', 'password')
os.rmdir('dir')
except:
print "some error"
finally:
change_user('old_user', 'password')
On Unix I took at look at os.seteuid() and os.setegid() functions and
I noticed they could be useful for my purpose.
On Windows I have no idea about how could I emulate a similar
behaviour.
Could someone please point me in the right direction?

(Warning: not tried, but at least gives you the things to Google for!)

You need the win32security module from the pywin32 extensions. [1]
In particular, you want to look at the LogonUser and
ImpersonateLoggedOnUser functions.

TJG

[1]http://pywin32.sf.net- Nascondi testo tra virgolette -

- Mostra testo tra virgolette -
Thanks for suggestion.
I made it.

Aug 23 '07 #3
On 8/23/07, billiejoex <gn****@gmail.comwrote:
On 23 Ago, 10:38, Tim Golden <m...@timgolden.me.ukwrote:
billiejoex wrote:
Hi there. I'm writing a modification for a FTP server library I'm
maintaining.
Depending on the system I'd want to temporarily impersonate the logged
user to perform actions on filesystem.
Something like:
try:
change_user('user', 'password')
os.rmdir('dir')
except:
print "some error"
finally:
change_user('old_user', 'password')
On Unix I took at look at os.seteuid() and os.setegid() functions and
I noticed they could be useful for my purpose.
On Windows I have no idea about how could I emulate a similar
behaviour.
Could someone please point me in the right direction?
(Warning: not tried, but at least gives you the things to Google for!)

You need the win32security module from the pywin32 extensions. [1]
In particular, you want to look at the LogonUser and
ImpersonateLoggedOnUser functions.

TJG

[1]http://pywin32.sf.net- Nascondi testo tra virgolette -

- Mostra testo tra virgolette -

Thanks for suggestion.
I made it.

Note that running your process as a user with enough priviledges to
impersonate another user pretty much eliminates all the benefits of
running as a low-priviledged user in the first place. Consider
re-thinking your application model and having an "ftp" user instead.
Aug 23 '07 #4
On 23 Ago, 13:13, "Chris Mellon" <arka...@gmail.comwrote:
On 8/23/07, billiejoex <gne...@gmail.comwrote:


On 23 Ago, 10:38, Tim Golden <m...@timgolden.me.ukwrote:
billiejoex wrote:
Hi there. I'm writing a modification for a FTP server library I'm
maintaining.
Depending on the system I'd want to temporarily impersonate the logged
user to perform actions on filesystem.
Something like:
try:
change_user('user', 'password')
os.rmdir('dir')
except:
print "some error"
finally:
change_user('old_user', 'password')
On Unix I took at look at os.seteuid() and os.setegid() functions and
I noticed they could be useful for my purpose.
On Windows I have no idea about how could I emulate a similar
behaviour.
Could someone please point me in the right direction?
(Warning: not tried, but at least gives you the things to Google for!)
You need the win32security module from the pywin32 extensions. [1]
In particular, you want to look at the LogonUser and
ImpersonateLoggedOnUser functions.
TJG
[1]http://pywin32.sf.net-Nascondi testo tra virgolette -
- Mostra testo tra virgolette -
Thanks for suggestion.
I made it.

Note that running your process as a user with enough priviledges to
impersonate another user pretty much eliminates all the benefits of
running as a low-priviledged user in the first place. Consider
re-thinking your application model and having an "ftp" user instead.- Nascondi testo tra virgolette -

- Mostra testo tra virgolette -
Could you be more precise?
Why it's not a good idea?
I was thinking of starting ftpd as limited user ('nobody'/'ftp' on
unix, 'Guest' on Windows), then temporary switching to another user
when I got to perform actions on file system.
Maybe you're saying that as limited user I can't do such switching?

Aug 23 '07 #5
billiejoex wrote:
On 23 Ago, 13:13, "Chris Mellon" <arka...@gmail.comwrote:
[...]
>Note that running your process as a user with enough priviledges to
impersonate another user pretty much eliminates all the benefits of
running as a low-priviledged user in the first place. Consider
re-thinking your application model and having an "ftp" user instead.- Nascondi testo tra virgolette -

- Mostra testo tra virgolette -

Could you be more precise?
Why it's not a good idea?
I was thinking of starting ftpd as limited user ('nobody'/'ftp' on
unix, 'Guest' on Windows), then temporary switching to another user
when I got to perform actions on file system.
Maybe you're saying that as limited user I can't do such switching?
That's exactly what he's saying.

regards
Steve
--
Steve Holden +1 571 484 6266 +1 800 494 3119
Holden Web LLC/Ltd http://www.holdenweb.com
Skype: holdenweb http://del.icio.us/steve.holden
--------------- Asciimercial ------------------
Get on the web: Blog, lens and tag the Internet
Many services currently offer free registration
----------- Thank You for Reading -------------

Aug 23 '07 #6
On 23 Ago, 23:20, Steve Holden <st...@holdenweb.comwrote:
billiejoex wrote:
On 23 Ago, 13:13, "Chris Mellon" <arka...@gmail.comwrote:
[...]
Note that running your process as a user with enough priviledges to
impersonate another user pretty much eliminates all the benefits of
running as a low-priviledged user in the first place. Consider
re-thinking your application model and having an "ftp" user instead.- Nascondi testo tra virgolette -
- Mostra testo tra virgolette -
Could you be more precise?
Why it's not a good idea?
I was thinking of starting ftpd as limited user ('nobody'/'ftp' on
unix, 'Guest' on Windows), then temporary switching to another user
when I got to perform actions on file system.
Maybe you're saying that as limited user I can't do such switching?

That's exactly what he's saying.

regards
Steve
--
Steve Holden +1 571 484 6266 +1 800 494 3119
Holden Web LLC/Ltd http://www.holdenweb.com
Skype: holdenweb http://del.icio.us/steve.holden
--------------- Asciimercial ------------------
Get on the web: Blog, lens and tag the Internet
Many services currently offer free registration
----------- Thank You for Reading -------------- Nascondi testo tra virgolette -

- Mostra testo tra virgolette -
Uhm... I'm confused.
Which kind of aproach is generally adopted in such cases?

Aug 23 '07 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

14
by: Ian Frawley | last post by:
Anyone used the WindowsIdentity class with success? I find if I try to change the current identity to one that exists on another machine and then try to perform and action on that machine i.e....
8
by: BLiTZWiNG | last post by:
After playing with the code shown and utilising Willy Denyottes' help, I have come to the conclusion that there is some form of difference between the managed WindowsIdentity.Impersonate() over the...
4
by: Alvaro Pereira | last post by:
I have a ASP.NET project that prints a report to a NETWORK- PRINTER. I have impersonate=true in my web.config, but all reports are printed under ASPNET user (the one that is setted in...
6
by: Erez Shor | last post by:
Hi, I need to build and asp page which access a remote windows server's registry and create a registry key. In order for the ASP page to be able to access the registry on the remote server I need...
1
by: Svein Terje Gaup | last post by:
I have a website running on Windows 2000 Server, that should be able to retrieve data from a datawarehouse on another machine running Windows 2000 Server, SQL Server 2000 and SQL Server 2000...
8
by: RTT | last post by:
i'm writing a windows form but codebased a iwant to run the code as a different user. like in a webapplication you can impersonate a user so the website does not run on the standard ASP.NET...
1
by: Oleg Ogurok | last post by:
Hi there, My ASP.NET application has impersonation turned on in web.config as follows: <identity impersonate="true" /> However, now I need to connect to a SQL database. Rather than allowing...
2
by: rockdale | last post by:
Hi, all: My asp.net application calles MS speech 5.1 and generate a wav file on server's path. Everything runs perfectly on my development machine. But when I move the appl to production server,...
4
by: =?Utf-8?B?QXZhRGV2?= | last post by:
ASP.Net 2. We are migrating to Windows 2008 64 bit Server with IIS 7 from Windows 2003 32 Bit with IIS 6. A few library classes we wrote uses impersonation in code like explained in this...
0
by: abbasky | last post by:
### Vandf component communication method one: data sharing ​ Vandf components can achieve data exchange through data sharing, state sharing, events, and other methods. Vandf's data exchange method...
0
by: fareedcanada | last post by:
Hello I am trying to split number on their count. suppose i have 121314151617 (12cnt) then number should be split like 12,13,14,15,16,17 and if 11314151617 (11cnt) then should be split like...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Aftab Ahmad | last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below. Dim IE As Object Set IE =...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.