Comment 11 for bug 1262264

Revision history for this message
Hans Petrie (hhus) wrote :

I fully believe this is a bug in swift and should be fixed. Here is a more elegant solution that appends all existing member groups of a given user to the process so that swift-proxy will respect group memberships set by the admin rather than effectively "clearing" the group memberships. I propose the following patch to /usr/share/pyshared/swift/common/utils.py:
cloudscaling@zm-meth:~$ diff -c utils.py newutils.py

*** utils.py 2014-01-15 07:13:29.500844967 -0800
--- newutils.py 2014-01-15 07:12:57.736974152 -0800
***************
*** 18,24 ****
  import errno
  import fcntl
  import os
! import pwd
  import sys
  import time
  import functools
--- 18,24 ----
  import errno
  import fcntl
  import os
! import pwd, grp
  import sys
  import time
  import functools
***************
*** 849,857 ****

      :param user: User name to change privileges to
      """
      user = pwd.getpwnam(user)
      if os.geteuid() == 0:
! os.setgroups([])
      os.setgid(user[3])
      os.setuid(user[2])
      os.environ['HOME'] = user[5]
--- 849,859 ----

      :param user: User name to change privileges to
      """
+
+ groups = [g.gr_gid for g in grp.getgrall() if user in g.gr_mem]
      user = pwd.getpwnam(user)
      if os.geteuid() == 0:
! os.setgroups(groups)
      os.setgid(user[3])
      os.setuid(user[2])
      os.environ['HOME'] = user[5]