amoghrajesh commented on code in PR #51149:
URL: https://github.com/apache/airflow/pull/51149#discussion_r2120202577
##########
task-sdk/src/airflow/sdk/execution_time/task_runner.py:
##########
@@ -703,7 +703,41 @@ def send_request(self, log: Logger, msg: SendMsgType):
# 3. Shutdown and report status
+def impersonate_user(username: str, log: Logger):
+ """
+ Impersonate as the specified user by changing the process's UID and GID.
+
+ Helper to attempt to set privileges from the current user (root) to the
provided username in the task
+ by setting the effective UID and GID.
+
+ Example:
+ impersonate_user("airflowuser")
+ """
+ import pwd
+
+ try:
+ pw_record = pwd.getpwnam(username)
+ uid, gid = pw_record.pw_uid, pw_record.pw_gid
+
+ # always drop group privileges before dropping user privileges;
+ # otherwise, group privileges may not be able to be fully dropped.
+
+ os.setgid(gid)
+ os.setuid(uid)
Review Comment:
Yeah there's a limitation that the user has to be "root" in order to run
this and I am trying to work on an alternative proposal due to that limitation.
Ideas are welcome @codenamelxl
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
