New submission from Roman Joost <[email protected]>:
When running a process which changes UID/GID, some of the following processes
will run as the user I change to per process.
In order to reproduce (see the attached reproducer):
1. Change the 'USERNAME' to an unprivileged user on your system.
2. Run the reproducer as a user with elevated privileges (e.g. root or some
secondary user you have on your system). Mind you, I don't think the user you
run as needs elevated privileges, but that's the user I ran as when I observed
this behaviour.
3. The reproducer iterates over a list (It stems from a test function which was
checking permissions on log files). Observe the print out, which prints the
process' GID, UID and secondary groups before we're changing to the users GID,
UID and secondary groups.
4. You should observe that at some point the process prints the user
information of the user we want to change to not the one which initially
started the script.
Example output when running locally as root:
('B', (0, 0, [0]))
('A', (0, 0, [0]))
('C', (0, 0, [0]))
('E', (0, 0, [0]))
('D', (0, 0, [0]))
('F', (1002, 1002, [10, 135, 1000, 1002]))
('H', (1002, 1002, [10, 135, 1000, 1002]))
('I', (1002, 1002, [10, 135, 1000, 1002]))
('J', (1002, 1002, [10, 135, 1000, 1002]))
('G', (1002, 1002, [10, 135, 1000, 1002]))
('K', (1002, 1002, [10, 135, 1000, 1002]))
('L', (1002, 1002, [10, 135, 1000, 1002]))
('M', (1002, 1002, [10, 135, 1000, 1002]))
('N', (1002, 1002, [10, 135, 1000, 1002]))
I would have expected `0` all the way through.
However, if I initialise the Pool with `maxtasksperchild=1` the isolation seems
as expected.
I don't know whether this is a bug or I'm foolish to invoke multiprocessing
like this. I've run out of time to investigate this further. It's certainly
strange behaviour to me and I thought I better report it, since reproducing
seems fairly deterministic.
----------
assignee: docs@python
components: Documentation, Library (Lib)
files: reproducer.py
messages: 357773
nosy: docs@python, romanofski
priority: normal
severity: normal
status: open
title: multiprocessing processes seem to "bleed" user information
(GID/UID/groups)
type: behavior
versions: Python 3.6, Python 3.7
Added file: https://bugs.python.org/file48753/reproducer.py
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue38963>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
