authorMartin Kosek <mkosek@redhat.com>2014-01-16 14:10:42 +0100
committerMartin Kosek <mkosek@redhat.com>2014-01-16 14:10:42 +0100
commitf5e69b15a070ea94e8651fa8e0d51eb13031219c (patch)
tree1120845dc32fe881e6e0e91f8dd6dd85bb1a1540
parent7ce3320996e9666581a2b4495b5063b5d99aa937 (diff)
Add runas option to run function
The run function can now run the specified command as a different user by setting the EUID and EGID of the executed process.
-rw-r--r--ipapython/ipautil.py16
1 files changed, 14 insertions, 2 deletions
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index a25dc358..65e1c724 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -42,6 +42,7 @@ import datetime
import netaddr
import time
import krbV
+import pwd
from dns import resolver, rdatatype
from dns.exception import DNSException
@@ -246,7 +247,8 @@ def shell_quote(string):
return "'" + string.replace("'", "'\\''") + "'"
def run(args, stdin=None, raiseonerr=True,
- nolog=(), env=None, capture_output=True, skip_output=False, cwd=None):
+ nolog=(), env=None, capture_output=True, skip_output=False, cwd=None,
+ runas=None):
"""
Execute a command and return stdin, stdout and the process return code.
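Review bot: The new `runas` parameter is not described in the docstring of `run`, and the diffstat shows that no docstring lines were added anywhere in this commit. Callers need to know that it takes a user name looked up with `pwd.getpwnam()`, that an unknown name raises `KeyError` before the `try` block in the body, and that the calling process must be privileged enough to change its IDs. I would add an entry along the lines of `runas: name of the user to run the command as (resolved with pwd.getpwnam, KeyError if unknown); only the effective UID/GID of the child are changed`, adapted to the docstring's existing format. The docstring continues outside this hunk.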
@@ -298,9 +300,19 @@ def run(args, stdin=None, raiseonerr=True,
root_logger.debug('Starting external process')
root_logger.debug('args=%s' % arg_string)
+ preexec_fn = None
+ if runas is not None:
+ pent = pwd.getpwnam(runas)
+ root_logger.debug('runas=%s (UID %d, GID %s)', runas,
+ pent.pw_uid, pent.pw_gid)
+
+ preexec_fn = lambda: (os.setegid(pent.pw_uid),
+ os.seteuid(pent.pw_gid))
+
try:
p = subprocess.Popen(args, stdin=p_in, stdout=p_out, stderr=p_err,
- close_fds=True, env=env, cwd=cwd)
+ close_fds=True, env=env, cwd=cwd,
+ preexec_fn=preexec_fn)
stdout,stderr = p.communicate(stdin)
stdout,stderr = str(stdout), str(stderr) # Make pylint happy
except KeyboardInterrupt:
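Review bot: The two IDs are crossed in the `preexec_fn` lambda: `os.setegid()` receives `pent.pw_uid` and `os.seteuid()` receives `pent.pw_gid`, so the child gets the wrong user and group whenever the account's UID and GID differ; the minimal fix is `preexec_fn = lambda: (os.setegid(pent.pw_gid), os.seteuid(pent.pw_uid))`. Beyond that, changing only the effective IDs leaves the real UID/GID and the supplementary groups of the calling process (presumably root) in place, so the command can switch its effective UID back to the real one and keeps the caller's group memberships. If `runas` is meant as a privilege drop, the child should set supplementary groups, GID and UID in that order, as sketched below; `os.initgroups` needs Python 2.7, so confirm the supported interpreter versions. The debug line also formats the GID with `%s` next to `%d` for the UID. The body of `run` starts and ends outside this hunk.

```python
if runas is not None:
    # ... unchanged: pwd.getpwnam() lookup and debug logging ...

    def preexec_fn():
        # Groups and GID first: after setuid() the process may no longer
        # be allowed to change them.
        os.initgroups(runas, pent.pw_gid)
        os.setgid(pent.pw_gid)
        os.setuid(pent.pw_uid)
```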