In swift/common/utils.py the function drop_privileges can be found.
(line 464):
def drop_privileges(user):
    """
    Sets the userid/groupid of the current process, get session leader, etc.
    :param user: User name to change privileges to
    """
    user = pwd.getpwnam(user)
    os.setgid(user[3])
    os.setuid(user[2])
    try:
        os.setsid()
    except OSError:
        pass
    os.chdir('/')  # in case you need to rmdir on where you started the daemon
    os.umask(0)  # ensure files are created with the correct privileges
<--- On Linux, without dropping the starting user's groups, it is possible for the drop_privileges method to not properly drop all intended groups (and keep group id of the user).
The drop_privileges method appears to be used by swift/common/daemon.py (on a quick inspection). I will have more time to look at this tomorrow and will do so then.
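An added example (not part of the original report and not Swift's own code) of the ordering the report calls for: clear the inherited supplementary groups while still privileged, then verify the result. FakeOS and the os_mod/pwd_mod parameters are assumptions of this example, constructed so the call order can be exercised without root.

```python
import os
import pwd


def leftover_groups(process_groups, target_gid):
    """Supplementary GIDs still held beyond the target user's primary group."""
    return sorted(set(process_groups) - {target_gid})


def drop_privileges_hardened(user, os_mod=os, pwd_mod=pwd):
    """Drop to `user`; os_mod/pwd_mod are hypothetical injection points."""
    entry = pwd_mod.getpwnam(user)
    uid, gid = entry[2], entry[3]
    # While still privileged: after setuid() the group list can't be changed.
    os_mod.setgroups([])
    os_mod.setgid(gid)
    os_mod.setuid(uid)
    # Verify instead of assuming, and fail closed if anything survived.
    extra = leftover_groups(os_mod.getgroups(), gid)
    if extra or os_mod.getuid() != uid or os_mod.getgid() != gid:
        raise RuntimeError("privilege drop incomplete, extra groups: %r" % extra)
    return uid, gid


class FakeOS:
    """Constructed stand-in for os: a daemon started by root in groups 0, 4, 27."""
    def __init__(self):
        self.uid, self.gid, self.groups, self.calls = 0, 0, [0, 4, 27], []

    def setgroups(self, groups):
        self.calls.append("setgroups")
        self.groups = list(groups)

    def setgid(self, gid):
        self.calls.append("setgid")
        self.gid = gid

    def setuid(self, uid):
        self.calls.append("setuid")
        self.uid = uid

    def getgroups(self):
        return list(self.groups)

    def getuid(self):
        return self.uid

    def getgid(self):
        return self.gid
```

With the defaults, drop_privileges_hardened("someuser") acts on the real process and needs to start as root; passing a FakeOS instance only records the calls.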