author | Martin Kosek <mkosek@redhat.com> | 2014-01-16 14:10:42 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-01-16 14:10:42 +0100 |
commit | f5e69b15a070ea94e8651fa8e0d51eb13031219c (patch) | |
tree | 1120845dc32fe881e6e0e91f8dd6dd85bb1a1540 | |
parent | 7ce3320996e9666581a2b4495b5063b5d99aa937 (diff) | |
Add runas option to run function
The run function can now run the specified command as a different user by
setting the EUID and EGID for the executed process.
-rw-r--r-- | ipapython/ipautil.py | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index a25dc358..65e1c724 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -42,6 +42,7 @@ import datetime
 import netaddr
 import time
 import krbV
+import pwd
 from dns import resolver, rdatatype
 from dns.exception import DNSException
@@ -246,7 +247,8 @@ def shell_quote(string):
 return "'" + string.replace("'", "'\\''") + "'"
 def run(args, stdin=None, raiseonerr=True,
- nolog=(), env=None, capture_output=True, skip_output=False, cwd=None):
+ nolog=(), env=None, capture_output=True, skip_output=False, cwd=None,
+ runas=None):
 """
 Execute a command and return stdin, stdout and the process return code.
@@ -298,9 +300,19 @@ def run(args, stdin=None, raiseonerr=True,
 root_logger.debug('Starting external process')
 root_logger.debug('args=%s' % arg_string)
+ preexec_fn = None
+ if runas is not None:
+ pent = pwd.getpwnam(runas)
+ root_logger.debug('runas=%s (UID %d, GID %s)', runas,
+ pent.pw_uid, pent.pw_gid)
+
+ preexec_fn = lambda: (os.setegid(pent.pw_uid),
+ os.seteuid(pent.pw_gid))
+
 try:
 p = subprocess.Popen(args, stdin=p_in, stdout=p_out, stderr=p_err,
- close_fds=True, env=env, cwd=cwd)
+ close_fds=True, env=env, cwd=cwd,
+ preexec_fn=preexec_fn)
 stdout,stderr = p.communicate(stdin)
 stdout,stderr = str(stdout), str(stderr) # Make pylint happy
 except KeyboardInterrupt: |
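Review bot: The `preexec_fn` lambda in the third hunk hands the IDs to the wrong calls: `os.setegid(pent.pw_uid)` sets the effective GID to the account's UID and `os.seteuid(pent.pw_gid)` sets the effective UID to its GID, so the child runs as the requested user only when the two numbers happen to be equal. The two lines should read `preexec_fn = lambda: (os.setegid(pent.pw_gid),` and `os.seteuid(pent.pw_uid))`, keeping the group change first. Because only the effective IDs are changed, the parent's real IDs and supplementary groups appear to stay in place, so a child started from root could presumably switch back; if `runas` is meant as a privilege boundary, that needs either a comment stating the limitation or a full drop with `os.setgroups`/`os.setgid`/`os.setuid`. The body of `run` starts and ends outside the hunk, and its docstring, which is only partly visible here, should gain an entry describing `runas`.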