Merge "Add secondary groups to user during privilege escalation"

Jenkins 2014-01-28 00:37:49 +00:00 committed by Gerrit Code Review
commit 9034558f0b
2 changed files with 9 additions and 2 deletions


@ -17,6 +17,7 @@
import errno import errno
import fcntl import fcntl
import grp
import hmac import hmac
import operator import operator
import os import os
@ -1164,9 +1165,10 @@ def drop_privileges(user):
:param user: User name to change privileges to :param user: User name to change privileges to
""" """
user = pwd.getpwnam(user)
if os.geteuid() == 0: if os.geteuid() == 0:
os.setgroups([]) groups = [g.gr_gid for g in grp.getgrall() if user in g.gr_mem]
os.setgroups(groups)
user = pwd.getpwnam(user)
os.setgid(user[3]) os.setgid(user[3])
os.setuid(user[2]) os.setuid(user[2])
os.environ['HOME'] = user[5] os.environ['HOME'] = user[5]
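Review bot: In `drop_privileges`, the supplementary group list comes from scanning `grp.getgrall()` for `user in g.gr_mem`, which only works when the whole group database can be enumerated. Where groups are served by a directory service with enumeration switched off (a deployment assumption, not visible here), memberships would be missed without any error. On Python 2.7+ `os.initgroups(pw.pw_name, pw.pw_gid)` asks libc for the list directly and also includes the primary gid. The lookup `pwd.getpwnam(user)` also appears to run after `os.setgroups(groups)`, so an unknown user name would raise `KeyError` only after the process's groups have already been changed; resolving the account first under its own name, `pw = pwd.getpwnam(user)`, keeps validation ahead of any state change. The docstring should state that the process now keeps the target user's secondary groups instead of clearing them; the function starts outside the hunk.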


@ -21,6 +21,7 @@ import ctypes
import errno import errno
import eventlet import eventlet
import eventlet.event import eventlet.event
import grp
import logging import logging
import os import os
import random import random
@ -959,6 +960,10 @@ log_name = %(yarr)s'''
import pwd import pwd
self.assertEquals(pwd.getpwnam(user)[5], utils.os.environ['HOME']) self.assertEquals(pwd.getpwnam(user)[5], utils.os.environ['HOME'])
groups = [g.gr_gid for g in grp.getgrall() if user in g.gr_mem]
groups.append(pwd.getpwnam(user).pw_gid)
self.assertEquals(set(groups), set(os.getgroups()))
# reset; test same args, OSError trying to get session leader # reset; test same args, OSError trying to get session leader
utils.os = MockOs(called_funcs=required_func_calls, utils.os = MockOs(called_funcs=required_func_calls,
raise_funcs=('setsid',)) raise_funcs=('setsid',))
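Review bot: The new assertion compares against bare `os.getgroups()`, while the surrounding lines go through `utils.os`, which is a `MockOs` at this point. It therefore appears to read the test runner's real group list rather than what `drop_privileges` passed to `setgroups`. If so, the check passes or fails depending on the environment (for example a runner whose process groups differ from the group database) and does not pin the new behaviour. Asserting on the argument the mock recorded for `setgroups` would test the change directly. The expected list is also built with the same `grp.getgrall()` expression as the implementation, so a mistake in that expression would not be caught; the enclosing test method starts and ends outside the hunk.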