
Impersonate another user temporarily (Unix and Windows)

Hi there. I'm writing a modification for an FTP server library I'm
maintaining.
Depending on the system I'd want to temporarily impersonate the logged
user to perform actions on filesystem.
Something like:

    try:
        change_user('user', 'password')
        os.rmdir('dir')
    except:
        print("some error")
    finally:
        change_user('old_user', 'password')

On Unix I took a look at os.seteuid() and os.setegid() functions and
I noticed they could be useful for my purpose.
On Windows I have no idea about how I could emulate a similar
behaviour.
Could someone please point me in the right direction?
Thanks in advance

Aug 22 '07 #1
6 Replies


billiejoex wrote:
> Hi there. I'm writing a modification for an FTP server library I'm
> maintaining.
> Depending on the system I'd want to temporarily impersonate the logged
> user to perform actions on filesystem.
> Something like:
>
>     try:
>         change_user('user', 'password')
>         os.rmdir('dir')
>     except:
>         print("some error")
>     finally:
>         change_user('old_user', 'password')
>
> On Unix I took a look at os.seteuid() and os.setegid() functions and
> I noticed they could be useful for my purpose.
> On Windows I have no idea about how I could emulate a similar
> behaviour.
> Could someone please point me in the right direction?

(Warning: not tried, but at least gives you the things to Google for!)

You need the win32security module from the pywin32 extensions. [1]
In particular, you want to look at the LogonUser and
ImpersonateLoggedOnUser functions.

TJG

[1] http://pywin32.sf.net
Aug 23 '07 #2

On 23 Aug, 10:38, Tim Golden <m...@timgolden.me.uk> wrote:
> (Warning: not tried, but at least gives you the things to Google for!)
>
> You need the win32security module from the pywin32 extensions. [1]
> In particular, you want to look at the LogonUser and
> ImpersonateLoggedOnUser functions.
>
> TJG
>
> [1] http://pywin32.sf.net

Thanks for the suggestion.
I made it.

Aug 23 '07 #3

On 8/23/07, billiejoex <gn****@gmail.com> wrote:
> Thanks for the suggestion.
> I made it.

Note that running your process as a user with enough privileges to
impersonate another user pretty much eliminates all the benefits of
running as a low-privileged user in the first place. Consider
re-thinking your application model and having an "ftp" user instead.
Aug 23 '07 #4

On 23 Aug, 13:13, "Chris Mellon" <arka...@gmail.com> wrote:
> Note that running your process as a user with enough privileges to
> impersonate another user pretty much eliminates all the benefits of
> running as a low-privileged user in the first place. Consider
> re-thinking your application model and having an "ftp" user instead.

Could you be more precise?
Why is it not a good idea?
I was thinking of starting ftpd as a limited user ('nobody'/'ftp' on
unix, 'Guest' on Windows), then temporarily switching to another user
when I got to perform actions on file system.
Maybe you're saying that as a limited user I can't do such switching?

Aug 23 '07 #5

billiejoex wrote:
> On 23 Aug, 13:13, "Chris Mellon" <arka...@gmail.com> wrote:
> [...]
>> Note that running your process as a user with enough privileges to
>> impersonate another user pretty much eliminates all the benefits of
>> running as a low-privileged user in the first place. Consider
>> re-thinking your application model and having an "ftp" user instead.
>
> Could you be more precise?
> Why is it not a good idea?
> I was thinking of starting ftpd as a limited user ('nobody'/'ftp' on
> unix, 'Guest' on Windows), then temporarily switching to another user
> when I got to perform actions on file system.
> Maybe you're saying that as a limited user I can't do such switching?

That's exactly what he's saying.

regards
Steve
--
Steve Holden +1 571 484 6266 +1 800 494 3119
Holden Web LLC/Ltd http://www.holdenweb.com
Skype: holdenweb http://del.icio.us/steve.holden

Aug 23 '07 #6

On 23 Aug, 23:20, Steve Holden <st...@holdenweb.com> wrote:
> That's exactly what he's saying.
>
> regards
> Steve

Uhm... I'm confused.
Which kind of approach is generally adopted in such cases?

Aug 23 '07 #7
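
Added example, not written by any poster in this thread: the Unix side of the `change_user` idea from the question, as a context manager built on os.setgroups(), os.setegid() and os.seteuid(). It assumes the server process starts as root, which is the privilege requirement raised in reply #4; `impersonate_user` and `remove_dir_as` are hypothetical names.

```python
# Added example (Unix only); impersonate_user and remove_dir_as are
# hypothetical names, not functions of any FTP library.
import os
import pwd
from contextlib import contextmanager


@contextmanager
def impersonate_user(username):
    """Run the enclosed block with `username`'s effective uid, gid and groups."""
    if os.geteuid() != 0:
        # A limited account ('nobody', 'ftp') cannot switch to another user.
        raise PermissionError("must run as root to impersonate another user")
    entry = pwd.getpwnam(username)  # raises KeyError if the account is unknown
    target_groups = os.getgrouplist(username, entry.pw_gid)
    saved_uid, saved_gid = os.geteuid(), os.getegid()
    saved_groups = os.getgroups()
    try:
        # Groups and gid first, while the process still has the privilege
        # to change them; the uid goes last.
        os.setgroups(target_groups)
        os.setegid(entry.pw_gid)
        os.seteuid(entry.pw_uid)
        yield entry
    finally:
        # Restore in reverse order. This only works because seteuid() leaves
        # the real and saved uid at 0, which is also why code compromised
        # inside the block can take root back.
        os.seteuid(saved_uid)
        os.setegid(saved_gid)
        os.setgroups(saved_groups)


def remove_dir_as(username, path):
    """The use case from the question: rmdir with the user's own permissions."""
    with impersonate_user(username):
        os.rmdir(path)
```

Where the switch does not need to be undone, forking a child per session and dropping privileges there with os.setgid() and os.setuid() removes the way back to root that the temporary switch keeps open.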
