f



Inconsistency between os.getgroups and os.system('groups') after os.setgroups()

Run this test program as root:

import os

print "before:", os.getgroups()
os.system("groups")
os.setgroups([])
print "after:", os.getgroups()
os.system("groups")

After the os.setgroups, os.getgroups says that the process is not in any gr=
oups, just as you would expect.  However the groups command run using os.sy=
stem says that the process is in the root group.  It appears that the new p=
rocess started by os.system augments the group membership specified in the =
os.setgroups command with the group of the actual user of the original proc=
ess (which is root).  I can suppress membership in the root group only by d=
oing os.setgid and os.setuid before the os.system call (in which case I win=
d up in the group of the new user instead of root), but I have to be able t=
o get back to root privilege so I can't use setgid and setuid.  How do I ru=
n a program from a Python script running as root such that the group member=
ship of the process running the program does not include root?
0
3beezer (4)
3/25/2012 9:32:00 PM
comp.lang.python 77058 articles. 6 followers. Post Follow

5 Replies
1232 Views

Similar Articles

[PageSpeed] 39

Am 25.03.2012 23:32, schrieb jeff:
> After the os.setgroups, os.getgroups says that the process is not in
> any groups, just as you would expect... I can suppress
> membership in the root group only by doing os.setgid and os.setuid
> before the os.system call (in which case I wind up in the group of 
> the
> new user instead of root), but I have to be able to get back to root
> privilege so I can't use setgid and setuid.

Simply not possible (i.e., you can't drop root privileges, be it by 
setuid()/setgid() or removing yourself from groups with setgroups()), 
and later reacquire them _in the same process_. See the discussion of 
how to implement privilege separation at

http://www.citi.umich.edu/u/provos/ssh/privsep.html

(which discusses how this is implemented in OpenSSH) by running 
multiple processes which communicate through IPC mechanisms, and each of 
those drops the rights it requires. Using IPC to implement 
reduced-privilege process spawning has a long history; also, Postfix 
comes to mind as an "early" adopter of a privilege separation mechanism.

-- 
--- Heiko.
0
3/25/2012 10:04:55 PM
On Sunday, March 25, 2012 4:04:55 PM UTC-6, Heiko Wundram wrote:
> Am 25.03.2012 23:32, schrieb jeff:
> > After the os.setgroups, os.getgroups says that the process is not in
> > any groups, just as you would expect... I can suppress
> > membership in the root group only by doing os.setgid and os.setuid
> > before the os.system call (in which case I wind up in the group of 
> > the
> > new user instead of root), but I have to be able to get back to root
> > privilege so I can't use setgid and setuid.
> 
> Simply not possible (i.e., you can't drop root privileges, be it by 
> setuid()/setgid() or removing yourself from groups with setgroups()), 
> and later reacquire them _in the same process_. See the discussion of 
> how to implement privilege separation at
> 
> http://www.citi.umich.edu/u/provos/ssh/privsep.html
> 
> (which discusses how this is implemented in OpenSSH) by running 
> multiple processes which communicate through IPC mechanisms, and each of 
> those drops the rights it requires. Using IPC to implement 
> reduced-privilege process spawning has a long history; also, Postfix 
> comes to mind as an "early" adopter of a privilege separation mechanism.
> 
> -- 
> --- Heiko.

os.system("su -m <unprivileged_user> -c '<command string>'")

seems to do the trick.
0
3beezer (4)
3/25/2012 11:33:59 PM
On Sunday, March 25, 2012 4:04:55 PM UTC-6, Heiko Wundram wrote:
> Am 25.03.2012 23:32, schrieb jeff:
> > After the os.setgroups, os.getgroups says that the process is not in
> > any groups, just as you would expect... I can suppress
> > membership in the root group only by doing os.setgid and os.setuid
> > before the os.system call (in which case I wind up in the group of 
> > the
> > new user instead of root), but I have to be able to get back to root
> > privilege so I can't use setgid and setuid.
> 
> Simply not possible (i.e., you can't drop root privileges, be it by 
> setuid()/setgid() or removing yourself from groups with setgroups()), 
> and later reacquire them _in the same process_. See the discussion of 
> how to implement privilege separation at
> 
> http://www.citi.umich.edu/u/provos/ssh/privsep.html
> 
> (which discusses how this is implemented in OpenSSH) by running 
> multiple processes which communicate through IPC mechanisms, and each of 
> those drops the rights it requires. Using IPC to implement 
> reduced-privilege process spawning has a long history; also, Postfix 
> comes to mind as an "early" adopter of a privilege separation mechanism.
> 
> -- 
> --- Heiko.

os.system("su -m <unprivileged_user> -c '<command string>'")

seems to do the trick.
0
3beezer (4)
3/25/2012 11:33:59 PM
jeff <3beezer@gmail.com> writes:

> On Sunday, March 25, 2012 4:04:55 PM UTC-6, Heiko Wundram wrote:
> > Am 25.03.2012 23:32, schrieb jeff:
> > > but I have to be able to get back to root privilege so I can't use
> > > setgid and setuid.
> > 
> > Simply not possible (i.e., you can't drop root privileges, be it by 
> > setuid()/setgid() or removing yourself from groups with setgroups()), 
> > and later reacquire them _in the same process_. See the discussion of 
> > how to implement privilege separation at
> > 
> > http://www.citi.umich.edu/u/provos/ssh/privsep.html
>
> os.system("su -m <unprivileged_user> -c '<command string>'")
>
> seems to do the trick.

Yes, because ‘os.system’ explicitly starts a new process.

It can't be done in the same process, as Heiko correctly said.

-- 
 \       “Faith, n. Belief without evidence in what is told by one who |
  `\   speaks without knowledge, of things without parallel.” —Ambrose |
_o__)                           Bierce, _The Devil's Dictionary_, 1906 |
Ben Finney
0
python6 (1029)
3/26/2012 12:22:10 AM
On Sunday, March 25, 2012 6:22:10 PM UTC-6, Ben Finney wrote:
> jeff writes:
>=20
> > On Sunday, March 25, 2012 4:04:55 PM UTC-6, Heiko Wundram wrote:
> > > Am 25.03.2012 23:32, schrieb jeff:
> > > > but I have to be able to get back to root privilege so I can't use
> > > > setgid and setuid.
> > >=20
> > > Simply not possible (i.e., you can't drop root privileges, be it by=
=20
> > > setuid()/setgid() or removing yourself from groups with setgroups()),=
=20
> > > and later reacquire them _in the same process_. See the discussion of=
=20
> > > how to implement privilege separation at
> > >=20
> > > http://www.citi.umich.edu/u/provos/ssh/privsep.html
> >
> > os.system("su -m <unprivileged_user> -c '<command string>'")
> >
> > seems to do the trick.
>=20
> Yes, because =91os.system=92 explicitly starts a new process.
>=20
> It can't be done in the same process, as Heiko correctly said.
>=20
> --=20
>  \       =93Faith, n. Belief without evidence in what is told by one who =
|
>   `\   speaks without knowledge, of things without parallel.=94 =97Ambros=
e |
> _o__)                           Bierce, _The Devil's Dictionary_, 1906 |
> Ben Finney

I didn't ask how to do it in the same process, but thanks to both of you fo=
r that information.

By the way, are you guys aware of seteuid and setegid?
0
3beezer (4)
3/26/2012 2:41:37 PM
Reply:

Similar Artilces:

RE: Obsucure Inquier article about Intel mentions VMS (and not any other OS') other OS') other OS') other OS') other OS') other OS') other OS') other OS') other OS') other OS') other
> -----Original Message----- > From: JF Mezei [mailto:jfmezei.spamnot@teksavvy.com]=20 > Sent: October 11, 2004 11:45 PM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: Obsucure Inquier article about Intel mentions=20 > VMS (and not any other OS') other OS') other OS') other OS')=20 > other OS') other OS') other OS') other OS') other OS') other=20 > OS') other OS') other OS') other OS') other OS') other OS') other=20 >=20 > "Main, Kerry" wrote: > > Course, there are many ways to offer differen...

RE: Obsucure Inquier article about Intel mentions VMS (and not any other OS') other OS') other OS') other OS') other OS') other OS') other OS') other OS') other OS')
> -----Original Message----- > From: Soterro [mailto:soterroatyahoocom@address.hp.com]=20 > Sent: October 11, 2004 9:43 AM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: Obsucure Inquier article about Intel mentions=20 > VMS (and not any other OS') other OS') other OS') other OS')=20 > other OS') other OS') other OS') other OS') other OS') >=20 > Main, Kerry wrote: > >>From: John Smith [mailto:a@nonymous.com]=20 > >>You aren't directly to blame for this and I know you'd like=20 > >>to keep your > &...

do 'os.path' include 'os' for us?
Hi, I wrote a python script to list files in a directory but somehow did it wrongly by importing os.path instead of os. To my astonishment, it works just as charm: #!/usr/bin/python import os.path for file in os.listdir('/root/'): print file I was wondering why? os.path doesn't contain listdir, why there is no complaint like 'os: unknown name'? Does this mean, instead of importing os, we can import os.path? Thanks. On Mar 27, 6:41=A0pm, Jerry Fleming <jerry.flem...@saybot.com> wrote: > Hi, > > I wrote a python script to list files in a directory but ...

RE: Obsucure Inquier article about Intel mentions VMS (and not any other OS') other OS') other OS')
> -----Original Message----- > From: JF Mezei [mailto:jfmezei.spamnot@teksavvy.com]=20 > Sent: October 10, 2004 2:45 AM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: Obsucure Inquier article about Intel mentions=20 > VMS (and not any other OS') other OS') other OS') >=20 [snip..] >=20 > These days, the CIO reads trade mags on the commuter train=20 > and sees people > moving to windows or Linux and decides that his company must=20 > be ahead of the > race and hurry to migrate to this week's trendy product. >=20 >=20 > ITS ALL ABOU...

RE: Obsucure Inquier article about Intel mentions VMS (and not any other OS') other OS') other OS') #4
> -----Original Message----- > From: Larry Kilgallen [mailto:Kilgallen@SpamCop.net]=20 > Sent: October 11, 2004 5:33 AM > To: Info-VAX@Mvb.Saic.Com > Subject: RE: Obsucure Inquier article about Intel mentions=20 > VMS (and not any other OS') other OS') other OS') >=20 > In article=20 > <FD827B33AB0D9C4E92EACEEFEE2BA2FB45D86E@tayexc19.americas.cpqc > orp.net>, "Main, Kerry" <kerry.main@hp.com> writes: > >=20 > >> -----Original Message----- > >> From: Larry Kilgallen [mailto:Kilgallen@SpamCop.net]=3D20 > ...

RE: Obsucure Inquier article about Intel mentions VMS (and not any other OS') other OS') other OS') #3
> -----Original Message----- > From: Larry Kilgallen [mailto:Kilgallen@SpamCop.net]=20 > Sent: October 10, 2004 10:52 PM > To: Info-VAX@Mvb.Saic.Com > Subject: RE: Obsucure Inquier article about Intel mentions=20 > VMS (and not any other OS') other OS') other OS') >=20 > In article=20 > <FD827B33AB0D9C4E92EACEEFEE2BA2FB45D86D@tayexc19.americas.cpqc > orp.net>, "Main, Kerry" <kerry.main@hp.com> writes: >=20 > > for that matter. However, I know of two major Customers=20 > that wanted to > > convert OpenVMS applica...

RE: Obsucure Inquier article about Intel mentions VMS (and not any other OS') other OS') other OS') #2
> -----Original Message----- > From: John Smith [mailto:a@nonymous.com]=20 > Sent: October 10, 2004 6:18 PM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: Obsucure Inquier article about Intel mentions=20 > VMS (and not any other OS') other OS') other OS') >=20 [snip...] > How many 30'something CTO's even know what VMS is? How many=20 > of their system > architects or programmers? After the .crash era, there are likely very few CTO's left in their 30's. Those folks are more likely back in the trenches doing mid level mgmt jobs. Hey, I a...

3.0rc3: List of 'os.', 'os.path.' attribute redundencies ... !! ?
IDLE 3.0rc3 (using XP) >>> import os >>> os.altsep '/' >>> os.path.altsep '/' >>> os.curdir '.' >>> os.path.curdir '.' >>> os.defpath '.;C:\\bin' >>> os.path.defpath '.;C:\\bin' >>> os.devnull 'nul' >>> os.path.devnull 'nul' >>> os.pardir '..' >>> os.path.pardir '..' >>> os.pathsep ';' >>> os.path.pathsep ';' >>> os.sep '\\' >>> os.path.sep '\\...

open(os.path.join(os.path.dirname(__file__),'../www/bin/picture.png'), 'rb')
open(os.path.join(os.path.dirname(__file__),'../www/bin/picture.png'), 'rb') how do you do this on windows (py3) so it still works on linux ? gert schrieb: > open(os.path.join(os.path.dirname(__file__),'../www/bin/picture.png'), > 'rb') > how do you do this on windows (py3) so it still works on linux ? os.path.join("..", "www", "bin", "picture.png") Or use os.sep. Diez Diez B. Roggisch wrote: > gert schrieb: >> open(os.path.join(os.path.dirname(__file__),'../www/bin/picture.png'), >> &#...

Anyone have a spare set of 4.39 ROMs or a soft-loadable OS 4.39 for an OS v4.02 system.
This is a personal request to allow me to upgrade my own A7000+ to what seems to be the latest, most sensible OS upgrade path for this hardware vintage. In message <1b7548a4-4328-4414-95a8-0e07af0f80f1@33g2000vbe.googlegrou ps.com> Gazza <usenet@garethlock.com> wrote: > This is a personal request to allow me to upgrade my own A7000+ to > what seems to be the latest, most sensible OS upgrade path for this > hardware vintage. If you are running RISC OS 4 in ROM, the best upgrade path is to RISC OS 6. This can be purchased from the RISCOS Ltd sales site (htt...

supplying password to subprocess.call('rsync ...'), os.system('rsync ...')
Hi I want to write a python script that runs rsync on a given directory and host. I build the command line string, but when I try to run subprocess.call(cmd), or p=subprocess.Popen(cmd, shell=True),or os.system(cmd), I get prompted for my login password. I expected this, but when I try to give my password, it's echoed back to the terminal and the special characters in the password is (I think) getting interpreted by the shell (zsh) I can't ssh w/o supplying a password. That's the way the security is set up here. How do I use python to do this, or do I just have to write a zsh sc...

sharing same 'Eudora Folder'
Hi all. I have heard that if I have both an OS 9 and an OS X installation on the same machine, the two respective Eudora apps can share the same Eudora Folder, with the same mailboxes, prefs, etc. But does this still apply if the two apps ('Classic' vs. OS X) are different versions? Right now I'm usig Eudora 4.33 on OS 8.6. I'll soon be upgrading to an OS X/OS 9 machine. I understand that on pre-OS X systems, anything post-5.1.1 (including the current betas of version 6) is so slow as to be unusable, but I assume I'll want to use the latest version on m...

os.system('cd dir1 ... and executing next os.system command in that directory (dir1)
Hello, I'm having problems with os.system. If I execute some 'cd directory' command with it, after that the script is on the same directory level as it was before the command. Any ideas ? Thanks in advance. Sami Viitanen wrote: > I'm having problems with os.system. > > If I execute some 'cd directory' command with it, after that the script is > on the > same directory level as it was before the command. > > Any ideas ? os.system creates a new process that executes your command. Python's own process is not affected. You'll want to ...

Study: Apple's Mac OS X 'world's safest and most secure' operating system
http://www.macdailynews.com/comments.php?id=P3766_0_1_0 AeoN wrote: > > http://www.macdailynews.com/comments.php?id=P3766_0_1_0 Taking after windopes in more ways than one. 1. Its not GNU/Linux and therefore nothing to do with Linux. 2. Its not free and you have to pay. 3. Its closed source. 2. I can't count. It is clearly world's safest and most secure operating system (not - only 80 holes fixed that last time they did a patch, so if there were 81 bugs, you are fscked now! - clever ain't it?) 5. So what happened when they started claiming their PCs were the...

Web resources about - Inconsistency between os.getgroups and os.system('groups') after os.setgroups() - comp.lang.python

Resources last updated: 2/5/2016 3:28:09 AM