Source

CherryPy / _cpengine.py

Diff from to

_cpengine.py

         cherrypy.response.finalize()
         return cherrypy.response
 
+
+def drop_privileges(new_user='nobody', new_group='nogroup'):
+    """Drop privileges. UNIX only."""
+    # Special thanks to Gavin Baker: http://antonym.org/node/100.
+    
+    import pwd, grp
+    
+    def names():
+        return pwd.getpwuid(os.getuid())[0], grp.getgrgid(os.getgid())[0]
+    name, group = names()
+    cherrypy.log('Started as %r/%r' % (name, group), "PRIV")
+    
+    if os.getuid() != 0:
+        # We're not root so, like, whatever dude.
+        cherrypy.log("Already running as %r" % name, "PRIV")
+        return
+    
+    # Try setting the new uid/gid (from new_user/new_group).
+    try:
+        os.setgid(grp.getgrnam(new_group)[2])
+    except OSError, e:
+        cherrypy.log('Could not set effective group id: %r' % e, "PRIV")
+    
+    try:
+        os.setuid(pwd.getpwnam(new_user)[2])
+    except OSError, e:
+        cherrypy.log('Could not set effective user id: %r' % e, "PRIV")
+    
+    # Ensure a very convervative umask
+    old_umask = os.umask(077)
+    cherrypy.log('Old umask: %o, new umask: 077' % old_umask, "PRIV")
+    cherrypy.log('Running as %r/%r' % names(), "PRIV")
+
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.