On Wed, Jun 12, 2013 at 12:03 AM, Alan Cabrera <l...@toolazydogs.com> wrote: >... > Why wouldn't we use os.setuid()?
Only root can call os.setuid(), and voter certainly never runs as root :-) The compiled copies of wrapsuid.c will use filesystem's setuid bit to switch users from $whoever to 'voter' (or whatever is configured). Thus, the Python interpreter will execute under the voter (effective) UID. Cheers, -g
