[andrew-twisted at puzzling.org: Re: [Twisted-Python] shedding root]

Andrew Bennetts andrew-twisted at puzzling.org
Wed Apr 6 00:58:33 MDT 2005 

Matt forgot to CC the list (then so did I).

----- Forwarded message from Andrew Bennetts <andrew-twisted at puzzling.org> -----

Date: Wed, 6 Apr 2005 12:16:40 +1000
From: Andrew Bennetts <andrew-twisted at puzzling.org>
To: Matt Feifarek <matt.feifarek at gmail.com>
Subject: Re: [Twisted-Python] shedding root
User-Agent: Mutt/1.5.6+20040907i

On Tue, Apr 05, 2005 at 09:25:17PM -0400, Matt Feifarek wrote:
> Thanks.
> 
> For some boring reasons, I can't really structure my whole app as a
> twisted app; I just need some little  twisted bits.
> 
> It seems that it's hard to do that; you really have to drink the whole
> kool-aid to use twisted.

It's not too hard, it's just not particularly visibly documented, because
it's not the usual case.

twistd uses twisted.application.  You'll want to do something like:

    from twisted.application import service
    from twisted.scripts.twistd import shedPrivileges
    from twisted.internet import reactor
    import mymodule

    app = service.Application('foo')
    myservice = mymodule.MyService(...)
    myservice.setServiceParent(app)

    service.IService(app).privilegedStartService()
    shedPrivileges(euid, uid, gid)
    service.IService(app).startService()
    reactor.addSystemEventTrigger('before', 'shutdown',
                                  service.IService(app).stopService)
    reactor.run()

Where MyService is a subclass of service.Service that overrides startService
and privilegedStartService.  You can attach any number of these to the
service.Applicaiton with setServiceParent.  Basically, this is the same as
you'd do in a .tac file, followed by direct calls to privilegedStartService,
shedPrivileges, startService, etc, rather than relying on twistd to do them.

Services in twisted.application.internet, such as TCPService, already define
appropriate privilegedStartService methods.

If all you need is allowing non-root users to bind to privileged ports, you
might find the authbind utility from debian to be a useful way to leave your
code ignorant of these matters.

-Andrew.


----- End forwarded message -----

More information about the Twisted-Python mailing list