hub / github.com/celery/celery / maybe_drop_privileges

Function maybe_drop_privileges

celery/platforms.py:528–555

Change process privileges to a new user/group. If both UID and GID are specified, the real user and group are changed. If only UID is specified, the real user is changed, and the group is changed to the user's primary group. If only GID is specified, only the group is changed.

(uid=None, gid=None)

Source from the content-addressed store, hash-verified

# Excerpt from celery/platforms.py. SecurityError, parse_uid, parse_gid,
# _setuid and setgid are defined elsewhere in celery.
import os
import sys


def maybe_drop_privileges(uid=None, gid=None):
    """Change process privileges to new user/group.

    If both UID and GID are specified, the real user/group is changed.

    If only UID is specified, the real user is changed, and the group is
    changed to the user's primary group.

    If only GID is specified, only the group is changed.
    """
    if sys.platform == 'win32':
        return
    if os.geteuid():
        # no point trying to setuid unless we're root.
        if not os.getuid():
            # real UID is root but the effective UID is not
            raise SecurityError('contact support')
    # Resolve user/group names or numbers to numeric IDs (None stays None).
    uid = uid and parse_uid(uid)
    gid = gid and parse_gid(gid)

    if uid:
        _setuid(uid, gid)
    else:
        gid and setgid(gid)

    # Fail closed if both the real and the effective ID are still root.
    if uid and not os.getuid() and not os.geteuid():
        raise SecurityError('Still root uid after drop privileges!')
    if gid and not os.getgid() and not os.getegid():
        raise SecurityError('Still root gid after drop privileges!')


def _setuid(uid, gid):
    ...  # body not shown on this page
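The three cases from the description, written out as an ordered plan plus a post-drop check. This is an added example, not code from celery: the call order and the saved-ID check are standard POSIX practice assumed here rather than taken from `_setuid`, whose body is not shown on this page, and `plan_drop`, `verify_dropped`, `drop_and_verify` and `StillPrivileged` are hypothetical names.

```python
import os


class StillPrivileged(Exception):
    """Hypothetical error type used only by this example."""


def _primary_gid(uid):
    import pwd  # Unix-only, imported lazily
    return pwd.getpwuid(uid).pw_gid


def plan_drop(uid=None, gid=None, primary_gid=_primary_gid):
    """Ordered (call, argument) steps for the three documented cases."""
    if uid:
        gid = gid or primary_gid(uid)  # only UID given: use the primary group
        # Groups first: after setuid() succeeds the process no longer has
        # the privilege needed to change its group IDs.
        return [("setgroups", [gid]), ("setgid", gid), ("setuid", uid)]
    if gid:
        return [("setgid", gid)]  # only GID given: the user is left alone
    return []


def verify_dropped(uids, gids, check_uid, check_gid):
    """uids/gids are (real, effective, saved) triples from os.getresuid() etc.

    A 0 in any slot, including the saved ID, means root is still reachable.
    """
    if check_uid and 0 in uids:
        raise StillPrivileged(f"root uid still reachable: {uids}")
    if check_gid and 0 in gids:
        raise StillPrivileged(f"root gid still reachable: {gids}")
    return True


def drop_and_verify(uid=None, gid=None, osmod=os, primary_gid=_primary_gid):
    """Apply the plan through osmod (the real os module by default), then verify."""
    steps = plan_drop(uid, gid, primary_gid)
    for call, arg in steps:
        getattr(osmod, call)(arg)
    target_gid = next((a for c, a in steps if c == "setgid"), None)
    verify_dropped(osmod.getresuid(), osmod.getresgid(), uid, target_gid)
    return steps
```

Passing a stand-in object as `osmod` lets the ordering and the check be exercised without running as root.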

Callers 7

test_on_windows · Method · 0.90
test_with_uid · Method · 0.90
test_with_guid · Method · 0.90
test_only_gid · Method · 0.90
beat · Function · 0.90
worker · Function · 0.90
detached · Function · 0.85

Calls 5

SecurityError · Class · 0.85
parse_uid · Function · 0.85
parse_gid · Function · 0.85
_setuid · Function · 0.85
setgid · Function · 0.85

Tested by 4

test_on_windows · Method · 0.72
test_with_uid · Method · 0.72
test_with_guid · Method · 0.72
test_only_gid · Method · 0.72