jeff <3bee...@gmail.com> writes: > On Sunday, March 25, 2012 4:04:55 PM UTC-6, Heiko Wundram wrote: > > Am 25.03.2012 23:32, schrieb jeff: > > > but I have to be able to get back to root privilege so I can't use > > > setgid and setuid. > > > > Simply not possible (i.e., you can't drop root privileges, be it by > > setuid()/setgid() or removing yourself from groups with setgroups()), > > and later reacquire them _in the same process_. See the discussion of > > how to implement privilege separation at > > > > http://www.citi.umich.edu/u/provos/ssh/privsep.html > > os.system("su -m <unprivileged_user> -c '<command string>'") > > seems to do the trick.
Yes, because ‘os.system’ explicitly starts a new process. It can't be done in the same process, as Heiko correctly said. -- \ “Faith, n. Belief without evidence in what is told by one who | `\ speaks without knowledge, of things without parallel.” —Ambrose | _o__) Bierce, _The Devil's Dictionary_, 1906 | Ben Finney -- http://mail.python.org/mailman/listinfo/python-list
