“不允许操作"；同时使用setuid()函数放弃特权 [英] "Operation not permitted" while dropping privileges using setuid() function

问题描述

为什么使用os.setuid()/gid()的简单程序失败?用python编写，但我认为这不是语言相关的问题(最后都是相同的posix系统调用):

Why this simple programs that use os.setuid()/gid() fails? Is written in python but I think that is not a language relative problem (at the end are all the same posix system call):

import os, pwd

if os.getenv("SUDO_UID") and os.getenv("SUDO_GID"):
  orig_uid=int(os.getenv("SUDO_UID"))
  orig_gid=int(os.getenv("SUDO_GID"))
else:
  pw = pwd.getpwnam("nobody")
  orig_uid = pw.pw_uid
  orig_gid = pw.pw_gid

print os.getuid(), os.getgid(), os.geteuid(), os.getegid(), orig_uid, orig_gid

os.setgid(orig_gid)
os.setuid(orig_uid)

它返回此异常:

$ sudo python provgid.py 
0 0 0 0 1000 1000
Traceback (most recent call last):
  File "provgid.py", line 15, in <module>
    os.setgid(orig_gid)
OSError: [Errno 1] Operation not permitted

怎么了?

推荐答案

我已经使用此库进行了修复

I've fixed using this library

http://pypi.python.org/pypi/privilege/1.0

这会将特权从root安全地丢弃到另一个用户.

That securely drop privileges from root to another user.

这篇关于“不允许操作"；同时使用setuid()函数放弃特权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！