def drop_privileges(uid_name='nobody'):
"""Drop root privileges."""
if os.getuid() != 0:
# We're not root, nothing to do.
return
# Get the uid/gid from the name
running_uid = pwd.getpwnam(uid_name).pw_uid
# Remove group privileges
os.setgroups([])
# Try setting the new uid/gid
os.setuid(running_uid)
# Ensure a very conservative umask
os.umask(0o77)
# TODO: probably redundant, as it will not have access to the
# cred cache anyway.
os.environ['KRB5CCNAME'] = 'FILE:/no_such_krbcc'
评论列表
文章目录
