[Twisted-Python] User manipulation question....

William Waites ww at groovy.net
Wed Jun 8 08:46:03 MDT 2005


On Tue, Jun 07, 2005 at 01:47:31PM -0600, Dmitry S. Makovey wrote:
>
> My problem right now is that I can't run server as unprivileged user 
> and switch to other user's accounts. That would mean that I'd 
> probably need:
> 1. run server as privileged user so I can setuid(...) any time I want

Not the best idea, of course.

> 2. run two threads or so so that one thread is superuser-owned and the 
> other one (the one that responds to requests) is non-privileged. 
> First one will handle file operations since it can change uid 
> on-the-flight and come back to normal.
> 
> I would prefer to implement second solution but I'm puzzled on where 
> to start. Does twisted provide such capabilities out-of-the-box?

I'm reasonably sure it doesn't. You can't have threads in a single
process owned by different users. What you would have to do is
run different processes.

The only way I can think of right now, after only one coffee, 
is to have one twisted process that sits on the port
and waits for connections. When it gets one, it authenticates the
user then sends a message (pb maybe) to a superuser-owned process
whose only job is to fork(2) a user-owned process for file io
and to inform it how to talk with the original process that is 
holding the port... It would remain to write the file io <--> pb
glue I think...

Cheers,
-w




More information about the Twisted-Python mailing list