[Twisted-Python] User manipulation question....
James Y Knight
foom at fuhm.net
Tue Jun 7 16:13:07 EDT 2005
On Jun 7, 2005, at 3:47 PM, Dmitry S. Makovey wrote:
> 1. run server as privileged user so I can setuid(...) any time I want
> 2. run two threads or so so that one thread is superuser-owned and the
> other one (the one that responds to requests) is non-privileged.
> First one will handle file operations since it can change uid
> on-the-flight and come back to normal.
I assume by "thread" you mean "process", because threads in a single
process can't have different owners.
> I would prefer to implement second solution but I'm puzzled on where
> to start. Does twisted provide such capabilities out-of-the-box?
Nope. The way I'd implement it is by having the unprivileged server
execute a setuid-root binary which handles the file operations on
behalf of a user. That binary should verify the user authentication
data the unprivileged server sends it, and then setuid from root to
the end-user uid, and then perform the requested operations.
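
The privilege-drop step of the setuid-root helper described above, as an added example that is not part of the original message or of Twisted. It assumes the helper has already verified the authentication data sent by the unprivileged server; the names `resolve_target`, `drop_privileges` and the `MIN_UID` threshold are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes initgroups() in glibc's <grp.h> */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define MIN_UID 1000               /* assumption: end-user accounts start here */

/* Map an already-authenticated user name to uid/gid; refuse root and system accounts. */
int resolve_target(const char *name, uid_t *uid, gid_t *gid) {
    struct passwd *pw;
    if (name == NULL || *name == '\0') return -1;
    pw = getpwnam(name);
    if (pw == NULL || pw->pw_uid < MIN_UID) return -1;
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

/* Permanently drop from root to the end user. Order matters: supplementary
 * groups and gid must change while the process is still root, uid goes last. */
int drop_privileges(const char *name, uid_t uid, gid_t gid) {
    if (name == NULL || uid == 0 || gid == 0) return -1;
    if (initgroups(name, gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;   /* as root: sets real, effective and saved uid */
    if (setuid(0) == 0 || seteuid(0) == 0) return -1;  /* root must be unrecoverable */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    return 0;
}

int main(int argc, char **argv) {
    uid_t uid;
    gid_t gid;
    if (argc != 2) {
        fprintf(stderr, "usage: %s <authenticated-user>\n", argv[0]);
        return 2;
    }
    if (resolve_target(argv[1], &uid, &gid) != 0 ||
        drop_privileges(argv[1], uid, gid) != 0) {
        fprintf(stderr, "refusing to continue: could not become %s\n", argv[1]);
        return 1;
    }
    /* The requested file operations would run here, now as the end user. */
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Every failure path returns before any file operation, so a partial drop never leaves the helper acting with root's identity or groups.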