[issue10032] os.setuid and os.setgid have unexpected influence on serial module

Tue, 05 Oct 2010 18:42:13 -0700 

Ned Deily <n...@acm.org> added the comment:

While you did not specify what platform you are running this on, the issue here 
is almost certainly a misunderstanding of how permissions work.  On UNIX-y 
systems, access to device files is normally governed by permissions like any 
other file or directory.  On many systems, groups are set up to allow users to 
access devices without requiring root permission.  User "tjp" is very likely a 
member of a supplementary group that has group permission to the device in 
question.  When run under sudo, the program initially can access the device 
because of the superuser (root) permission.  After it is daemonizied, though, 
it no longer has root but it does not have the supplementary group permissions 
it would have had running normally; it only has uid 1000 and gid 1000.

The following example illustrates:

# in this example, /dev/mixer has a gid of 29 (group=audio)
# and the user (uid=501,gid=501) is a member of group 29
$ id -u
501
$ id -g
501
$ id -G
501 6 22 24 25 27 29 44 46 107 112 114 1001 40100 40200
$ ls -ln /dev/mixer
crw-rw---- 1 0 29 14, 0 Oct  5 14:06 /dev/mixer
$ python -c "open('/dev/mixer','r')"
$ sudo python -c "open('/dev/mixer','r')
$ sudo python -c "import os; os.setgid(501); os.setuid(501); 
open('/dev/mixer','r')"
Traceback (most recent call last):
  File "<string>", line 1, in <module>
IOError: [Errno 13] Permission denied: '/dev/mixer'
$ python -c "import os; print(os.getgroups())"
[6, 22, 24, 25, 27, 29, 44, 46, 107, 112, 114, 501, 1001, 40100, 40200]
$ sudo python -c "import os; print(os.getgroups())"
[0]

If this does not explain the results you are seeing, please re-open with 
additional supporting information.

----------
nosy: +ned.deily
resolution:  -> invalid
status: open -> closed

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue10032>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to