Change process privileges to new user/group. If UID and GID are specified, the real user/group is changed. If only UID is specified, the real user is changed, and the group is changed to the user's primary group. If only GID is specified, only the group is changed.
(uid=None, gid=None)
| 526 | |
| 527 | |
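def maybe_drop_privileges(uid=None, gid=None):
    """Change process privileges to new user/group.

    If UID and GID are specified, the real user/group is changed.

    If only UID is specified, the real user is changed, and the group is
    changed to the user's primary group.

    If only GID is specified, only the group is changed.

    Does nothing on Windows.

    Raises:
        SecurityError: If the real uid is root while the effective uid is
            not, or if a real or effective uid/gid is still 0 after the
            requested change.
    """
    if sys.platform == 'win32':
        return
    # no point trying to setuid unless we're root.
    if os.geteuid() and not os.getuid():
        # Real uid is root but the effective uid is not: refuse to go on
        # rather than run in this mixed-credential state.
        raise SecurityError('contact support')

    # Falsy values (None, 0, '') pass through unparsed, so they mean
    # "leave this id alone".
    uid = uid and parse_uid(uid)
    gid = gid and parse_gid(gid)

    if uid:
        _setuid(uid, gid)
    elif gid:
        setgid(gid)

    # Verify the drop.  A real *or* effective id left at 0 means root is
    # still in use or can be regained, so either one fails the check
    # (requiring both to be 0 would let a partial drop pass silently).
    # NOTE: a uid/gid that resolves to 0 is falsy, so it skips both the
    # change and this check; saved set-user/group ids are not inspected.
    if uid and (os.getuid() == 0 or os.geteuid() == 0):
        raise SecurityError('Still root uid after drop privileges!')
    if gid and (os.getgid() == 0 or os.getegid() == 0):
        raise SecurityError('Still root gid after drop privileges!')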
| 556 | |
| 557 | |
| 558 | def _setuid(uid, gid): |