Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

CGI, python, and setgid

Tags:

python

cgi

I'm running a compiled python cgi script (using cxfreeze) in Apache. The script, among other things, calls

os.setuid(some_uid)
os.setgid(some_gid)

Obviously some_uid/gid are legal and I set the sticky bit for both user and group, and verified it is indeed set. However on every call i get an error

os.setgid(int(self.gid))
OSError: [Errno 1] Operation not permitted

As you may notice, setuid() is successful, setgid() is not. Which is very weird, at least for me, though I admit I have little experience with permissions in Linux. Any thoughts/ideas are welcome.

I'm using apache 2.2.15, python 2.6.5, RHEL 5.4 (kernel 2.6.18)

like image 663
user331398 Avatar asked Oct 20 '25 00:10

user331398

1 Answers

The setuid call drops the privileges you need to call setgid, so your calls occur in the wrong order. But why not use a library that is designed for dropping privileges?

like image 52
Jouni K. Seppänen Avatar answered Oct 21 '25 14:10

Jouni K. Seppänen
Sign in to Comment

Related questions

Set the media type of a custom Error Response via a pydantic model in FastAPI
How to crop an audio file based on the timestamps present in a list
PerformanceWarning: DataFrame is highly fragmented when creating new DataFrame columns
subprocess.run(["huggingface-cli", "login", "--token", TOKEN]) works on mac but not on Ubuntu
TypeError in librosa, MFCC
How to decode gerrit code review rest api responses
How to remove Outliers in Python?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!