[Zope-CVS] CVS: Packages/SFTPGateway/src/sftpgateway -
application.py:1.13 component.xml:1.2 main.py:1.6
Fred L. Drake, Jr.
fred at zope.com
Mon Jan 5 17:33:46 EST 2004
Update of /cvs-repository/Packages/SFTPGateway/src/sftpgateway
In directory cvs.zope.org:/tmp/cvs-serv23758
Modified Files:
application.py component.xml main.py
Log Message:
support dropping of privileges when running as root; does not quite do the
right thing regarding creating log files
=== Packages/SFTPGateway/src/sftpgateway/application.py 1.12 => 1.13 ===
--- Packages/SFTPGateway/src/sftpgateway/application.py:1.12 Fri Jan 2 18:30:20 2004
+++ Packages/SFTPGateway/src/sftpgateway/application.py Mon Jan 5 17:33:44 2004
@@ -15,6 +15,7 @@
import grp
import logging
+import os
import pwd
import ZConfig
@@ -43,7 +44,19 @@
port = 22
factory = SFTPFactory(self)
self.info("starting; listening on %s:%s", host, port)
- reactor.listenTCP(port, factory, interface=host)
+ user = self.options.effective_user
+ if user:
+ euid = os.geteuid()
+ egid = os.getegid()
+ os.setegid(0)
+ os.seteuid(0)
+ try:
+ reactor.listenTCP(port, factory, interface=host)
+ finally:
+ os.setegid(egid)
+ os.seteuid(euid)
+ else:
+ reactor.listenTCP(port, factory, interface=host)
reactor.run()
self.info("stopping")
return 0
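Review bot: The `if user:` branch calls `os.setegid(0)` and `os.seteuid(0)` whenever effective-user is configured, without checking that the process was started as root; started as an ordinary user, those calls raise OSError and the server never binds, whereas main.py only switches when `os.getuid() == 0`. Guard it the same way with `if user and os.getuid() == 0:`. Regaining root here works only because main.py changes the effective ids alone, so the real and saved ids stay 0 for the life of the process and the switch is reversible by any code running in the gateway; a permanent drop with `os.setgid` / `os.setuid` once the port is bound would close that, and the same point applies to the switch in main.py. The enclosing method starts above the hunk.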
=== Packages/SFTPGateway/src/sftpgateway/component.xml 1.1 => 1.2 ===
--- Packages/SFTPGateway/src/sftpgateway/component.xml:1.1 Tue Dec 23 15:39:48 2003
+++ Packages/SFTPGateway/src/sftpgateway/component.xml Mon Jan 5 17:33:44 2004
@@ -36,6 +36,17 @@
</description>
</key>
+ <key name="effective-user"
+ required="no">
+ <description>
+ If you intend to run SFTP Gateway as the "root" user, you may
+ supply this setting with an effective username or userid
+ number to which the gateway will 'suid' after the server port
+ is bound. This directive only has effect under UNIX and if
+ the gateway is started as the root user.
+ </description>
+ </key>
+
<key name="attribute-cache-lifetime"
datatype="integer"
default="0">
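Review bot: The description says the gateway switches user after the server port is bound, but in this commit main.py switches the effective ids during option processing, before log files are opened, and application.py temporarily returns to root for the bind. Operators would be better served by wording that matches, for example `The gateway switches its effective user and group to this account at startup and briefly regains root to bind the server port.` The key also declares no datatype, so checking that the value is a usable name or number is left entirely to main.py.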
=== Packages/SFTPGateway/src/sftpgateway/main.py 1.5 => 1.6 ===
--- Packages/SFTPGateway/src/sftpgateway/main.py:1.5 Fri Jan 2 18:30:20 2004
+++ Packages/SFTPGateway/src/sftpgateway/main.py Mon Jan 5 17:33:44 2004
@@ -39,6 +39,25 @@
pubkeyfn = self.private_host_key + ".pub"
self.public_host_key = pubkeyfn
#
+ # if we're running as root, drop priviledges here so we can
+ # safely open log files:
+ #
+ dropped_privs = False
+ username = self.effective_user
+ if os.getuid() == 0 and username:
+ import pwd
+ try:
+ uid = int(username)
+ except ValueError:
+ pwinfo = pwd.getpwnam(username)
+ else:
+ pwinfo = pwd.getpwuid(uid)
+ uid = pwinfo.pw_uid
+ gid = pwinfo.pw_gid
+ os.setegid(gid)
+ os.seteuid(uid)
+ dropped_privs = True
+ #
if self.config_logger is None:
# no configured logger; create a reasonable default:
logger = logging.getLogger("sftpgateway")
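Review bot: After `os.setegid(gid)` and `os.seteuid(uid)` the process still carries root's supplementary group list, so log files and anything else opened afterwards are still accessed with those group memberships; add `os.setgroups([gid])` before `os.setegid(gid)`, while the process is still effectively root. `pwd.getpwnam` and `pwd.getpwuid` raise KeyError for an unknown account, which is not caught here and would surface as a traceback rather than a configuration error naming the bad effective-user value. The method starts above the hunk and continues past it.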
@@ -52,6 +71,8 @@
self.config_logger.startup()
logger = self.config_logger()
self.logger = logger
+ if dropped_privs:
+ logger.debug("acting as user %s", username)
def __getattr__(self, name):
return getattr(self.configroot.gateway, name)