diff options
Diffstat (limited to 'wallace/__init__.py')
| -rw-r--r-- | wallace/__init__.py | 95 |
1 files changed, 94 insertions, 1 deletions
diff --git a/wallace/__init__.py b/wallace/__init__.py index 6677613..edd47a6 100644 --- a/wallace/__init__.py +++ b/wallace/__init__.py @@ -18,7 +18,9 @@ # import asyncore +import grp import os +import pwd from smtpd import SMTPChannel import sys import tempfile @@ -53,6 +55,16 @@ class WallaceDaemon(object): ) daemon_group.add_option( + "-g", + "--group", + dest = "process_groupname", + action = "store", + default = "kolab", + help = _("Run as group GROUPNAME"), + metavar = "GROUPNAME" + ) + + daemon_group.add_option( "-p", "--pid-file", dest = "pidfile", action = "store", @@ -68,6 +80,16 @@ class WallaceDaemon(object): help = _("Port that Wallace is supposed to use.") ) + daemon_group.add_option( + "-u", + "--user", + dest = "process_username", + action = "store", + default = "kolab", + help = _("Run as user USERNAME"), + metavar = "USERNAME" + ) + conf.finalize_conf() import modules @@ -178,7 +200,9 @@ class WallaceDaemon(object): wallace_modules = conf.get_list('wallace', 'modules') if wallace_modules == None: - wallace_modules = [] + wallace_modules = ['resources'] + elif not 'resources' in wallace_modules: + wallace_modules.append('resources') for module in wallace_modules: log.debug(_("Executing module %s") % (module), level=8) @@ -192,6 +216,75 @@ class WallaceDaemon(object): exitcode = 0 try: + (ruid, euid, suid) = os.getresuid() + (rgid, egid, sgid) = os.getresgid() + + if ruid == 0: + # Means we can setreuid() / setregid() / setgroups() + if egid == 0: + # Get group entry details + try: + ( + group_name, + group_password, + group_gid, + group_members + ) = grp.getgrnam(conf.process_groupname) + + except KeyError: + print >> sys.stderr, _("Group %s does not exist") % ( + conf.process_groupname + ) + + sys.exit(1) + + # Set real and effective group if not the same as current. + if not group_gid == egid: + log.debug( + _("Switching real and effective group id to %d") % ( + group_gid + ), + level=8 + ) + + os.setregid(group_gid, group_gid) + + if euid == 0: + # Means we haven't switched yet. + try: + ( + user_name, + user_password, + user_uid, + user_gid, + user_gecos, + user_homedir, + user_shell + ) = pwd.getpwnam(conf.process_username) + + except KeyError: + print >> sys.stderr, _("User %s does not exist") % ( + conf.process_username + ) + + sys.exit(1) + + + # Set real and effective user if not the same as current. + if not user_uid == euid: + log.debug( + _("Switching real and effective user id to %d") % ( + user_uid + ), + level=8 + ) + + os.setreuid(user_uid, user_uid) + + except: + log.error(_("Could not change real and effective uid and/or gid")) + + try: pid = 1 if conf.fork_mode: self.thread_count += 1 |