[Twisted-Python] User manipulation question....

James Y Knight foom at fuhm.net
Tue Jun 7 16:13:07 EDT 2005


On Jun 7, 2005, at 3:47 PM, Dmitry S. Makovey wrote:
> 1. run server as privileged user so I can setuid(...) any time I want
> or
> 2. run two threads or so so that one thread is superuser-owned and the
> other one (the one that responds to requests) is non-privileged.
> First one will handle file operations since it can change uid
> on-the-flight and come back to normal.

I assume by "thread" you mean "process", because threads in a single  
process can't have different owners.

> I would prefer to implement second solution but I'm puzzled on where
> to start. Does twisted provide such capabilities out-of-the-box?

Nope. The way I'd implement it is by having the unprivileged server  
execute a setuid-root binary which handles the file operations on  
behalf of a user. That binary should verify the user authentication  
data the unprivileged server sends it, and then setuid from root to  
the end-user uid, and then perform the requested operations.

James
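An added example, not part of the original message and not Twisted code: a C sketch of the identity-change step such a setuid-root helper would perform, dropping from root to the end user and checking that root cannot be regained. The function names `resolve_target` and `drop_to_user` are hypothetical, and verification of the authentication data is deployment-specific and not shown.

```c
#define _DEFAULT_SOURCE            /* for setgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Map the requested account name to uid/gid; refuse unknown users and uid 0. */
int resolve_target(const char *name, uid_t *uid, gid_t *gid)
{
    struct passwd *pw;
    if (name == NULL || *name == '\0') return -1;
    pw = getpwnam(name);
    if (pw == NULL || pw->pw_uid == 0) return -1;
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

/* Irreversibly drop from root to uid/gid. Order matters: supplementary
 * groups and gid must change while we still have root, uid goes last. */
int drop_to_user(uid_t uid, gid_t gid)
{
    if (uid == 0) return -1;                  /* never "drop" to root */
    if (setgroups(1, &gid) != 0) return -1;   /* discard root's extra groups */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;          /* as root: real, effective, saved */
    /* Verify: ids are the target's and root cannot be regained. */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    if (setuid(0) == 0) return -1;
    return 0;
}

int main(int argc, char **argv)
{
    uid_t uid; gid_t gid;
    if (argc != 2) { fprintf(stderr, "usage: %s <user>\n", argv[0]); return 2; }
    /* The authentication data sent by the unprivileged server must be
     * verified here, before any identity change (not shown). */
    if (resolve_target(argv[1], &uid, &gid) != 0 || drop_to_user(uid, gid) != 0) {
        fprintf(stderr, "refusing request\n");
        return 1;                             /* fail closed, do no file work */
    }
    printf("now uid=%ld gid=%ld\n", (long)getuid(), (long)getgid());
    /* The requested file operations would run from here on. */
    return 0;
}
```

`setgroups(1, &gid)` leaves the process with only the user's primary group; a helper that needs the user's full group list would call `initgroups()` at that point instead.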



