[CalendarServer-changes] [3268] CalendarServer/trunk/twistedcaldav/tap.py

source_changes at macosforge.org source_changes at macosforge.org
Wed Oct 29 17:37:50 PDT 2008 

Revision: 3268
          http://trac.macosforge.org/projects/calendarserver/changeset/3268
Author:   wsanchez at apple.com
Date:     2008-10-29 17:37:50 -0700 (Wed, 29 Oct 2008)
Log Message:
-----------
Have to be root to drop privileges; group doesn't matter.

Modified Paths:
--------------
    CalendarServer/trunk/twistedcaldav/tap.py

Modified: CalendarServer/trunk/twistedcaldav/tap.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/tap.py	2008-10-30 00:32:31 UTC (rev 3267)
+++ CalendarServer/trunk/twistedcaldav/tap.py	2008-10-30 00:37:50 UTC (rev 3268)
@@ -146,7 +146,6 @@
         one option may be given for each --option flag, however multiple
         --option flags may be specified.
         """
-
         if "=" in option:
             path, value = option.split("=")
             self.setOverride(
@@ -173,23 +172,21 @@
         uid, gid = None, None
 
         if self.parent["uid"] or self.parent["gid"]:
-            uid, gid = getid(self.parent["uid"],
-                             self.parent["gid"])
+            uid, gid = getid(self.parent["uid"], self.parent["gid"])
 
-        if uid:
-            if uid != os.getuid() and os.getuid() != 0:
+        def gottaBeRoot():
+            if os.getuid() != 0:
                 import pwd
                 username = pwd.getpwuid(os.getuid())[0]
-                raise UsageError("Only root can drop privileges you are: %r"
+                raise UsageError("Only root can drop privileges.  You are: %r"
                                  % (username,))
 
-        if gid:
-            if gid != os.getgid() and os.getgid() != 0:
-                import grp
-                groupname = grp.getgrgid(os.getgid())[0]
-                raise UsageError("Only root can drop privileges, you are: %s"
-                                 % (groupname,))
+        if uid and uid != os.getuid():
+            gottaBeRoot()
 
+        if gid and gid != os.getgid():
+            gottaBeRoot()
+
         # Ignore the logfile parameter if not daemonized and log to stdout.
         if self.parent["nodaemon"]:
             self.parent["logfile"] = None
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20081029/eabdf9c0/attachment.html>

More information about the calendarserver-changes mailing list