[Zodb-checkins] SVN: zdaemon/trunk/ Fixed: When the ``user`` option was used to run as a particular

jim cvs-admin at zope.org
Thu Jun 7 20:52:47 UTC 2012


Log message for revision 126681:
  Fixed: When the ``user`` option was used to run as a particular
  user, supplemental groups weren't set to the user's supplemental
  groups.
  

Changed:
  U   zdaemon/trunk/CHANGES.txt
  U   zdaemon/trunk/README.txt
  U   zdaemon/trunk/setup.py
  A   zdaemon/trunk/src/zdaemon/tests/testuser.py
  U   zdaemon/trunk/src/zdaemon/zdctl.py
  U   zdaemon/trunk/src/zdaemon/zdoptions.py

-=-
Modified: zdaemon/trunk/CHANGES.txt
===================================================================
--- zdaemon/trunk/CHANGES.txt	2012-06-07 20:34:56 UTC (rev 126680)
+++ zdaemon/trunk/CHANGES.txt	2012-06-07 20:52:43 UTC (rev 126681)
@@ -22,7 +22,18 @@
   Previously, this was controlled by backoff-limit, which didn't make
   much sense.
 
+2.0.6 (2012-06-07)
+==================
 
+- Fixed: When the ``user`` option was used to run as a particular
+  user, supplemental groups weren't set to the user's supplemental
+  groups.
+
+2.0.5 (2012-06-07)
+==================
+
+(Accidental release. Please ignore.)
+
 2.0.4 (2009-04-20)
 ==================
 

Modified: zdaemon/trunk/README.txt
===================================================================
--- zdaemon/trunk/README.txt	2012-06-07 20:34:56 UTC (rev 126680)
+++ zdaemon/trunk/README.txt	2012-06-07 20:52:43 UTC (rev 126681)
@@ -2,10 +2,7 @@
 ``zdaemon`` process controller for Unix-based systems
 *****************************************************
 
-`zdaemon` is a Python package which provides APIs for managing applications
-run as daemons.  Its principal use to date has been to manage the application
-server and storage server daemons for Zope / ZEO, although it is not limited
-to running Python-based applications (for instance, it has been used to
-manage the 'spread' daemon).
+``zdaemon`` is a Unix (Unix, Linux, Mac OS X) Python program that wraps
+commands to make them behave as proper daemons.
 
 .. contents::

Modified: zdaemon/trunk/setup.py
===================================================================
--- zdaemon/trunk/setup.py	2012-06-07 20:34:56 UTC (rev 126680)
+++ zdaemon/trunk/setup.py	2012-06-07 20:52:43 UTC (rev 126681)
@@ -30,7 +30,7 @@
         include_package_data = True,
         install_requires=["ZConfig"],
         extras_require=dict(
-            test=['zope.testing', 'manuel', 'zc.customdoctests']),
+            test=['zope.testing', 'manuel', 'zc.customdoctests', 'mock']),
         )
 except ImportError:
     from distutils.core import setup

Copied: zdaemon/trunk/src/zdaemon/tests/testuser.py (from rev 126680, zdaemon/branches/2/src/zdaemon/tests/testuser.py)
===================================================================
--- zdaemon/trunk/src/zdaemon/tests/testuser.py	                        (rev 0)
+++ zdaemon/trunk/src/zdaemon/tests/testuser.py	2012-06-07 20:52:43 UTC (rev 126681)
@@ -0,0 +1,111 @@
+##############################################################################
+#
+# Copyright (c) 2010 Zope Foundation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+
+# Test user and groups options
+
+from zope.testing import setupstack
+import doctest
+import mock
+import os
+import sys
+import unittest
+import zdaemon.zdctl
+
+def write(name, text):
+    with open(name, 'w') as f:
+        f.write(text)
+
+class O:
+    def __init__(self, **kw):
+        self.__dict__.update(kw)
+
+def test_user_fails_when_not_root():
+    """
+
+    >>> write('conf',
+    ... '''
+    ... <runner>
+    ...   program sleep 9
+    ...   user zope
+    ... </runner>
+    ... ''')
+
+    >>> with mock.patch('os.geteuid') as geteuid:
+    ...   with mock.patch('sys.stderr'):
+    ...     sys.stderr = sys.stdout
+    ...     geteuid.return_value = 42
+    ...     try:
+    ...         zdaemon.zdctl.main(['-C', 'conf', 'status'])
+    ...     except SystemExit:
+    ...         pass
+    ...     else:
+    ...         print 'oops'
+    ... # doctest: +ELLIPSIS
+    Error: only root can use -u USER to change users
+    For help, use ... -h
+
+    >>> import pwd
+    >>> pwd.getpwnam.assert_called_with('zope')
+
+    """
+
+def test_user_sets_supplemtary_groups():
+    """
+
+    >>> write('conf',
+    ... '''
+    ... <runner>
+    ...   program sleep 9
+    ...   user zope
+    ... </runner>
+    ... ''')
+
+    >>> import grp
+    >>> grp.getgrall.return_value = [
+    ...   O(gr_gid=8, gr_mem =['g', 'zope', ]),
+    ...   O(gr_gid=1, gr_mem =['a', 'x', ]),
+    ...   O(gr_gid=2, gr_mem =['b', 'x', 'zope']),
+    ...   O(gr_gid=5, gr_mem =['c', 'x', ]),
+    ...   O(gr_gid=4, gr_mem =['d', 'x', ]),
+    ...   O(gr_gid=3, gr_mem =['e', 'x', 'zope', ]),
+    ...   O(gr_gid=6, gr_mem =['f', ]),
+    ...   O(gr_gid=7, gr_mem =['h', ]),
+    ... ]
+
+    >>> zdaemon.zdctl.main(['-C', 'conf', 'status'])
+    daemon manager not running
+
+    >>> import pwd, os
+    >>> os.geteuid.assert_called_with()
+    >>> pwd.getpwnam.assert_called_with('zope')
+    >>> grp.getgrall.assert_called_with()
+    >>> os.setuid.assert_called_with(99)
+    >>> os.setgid.assert_called_with(5)
+    >>> os.setgroups.assert_called_with([2, 3, 8])
+
+    """
+
+def setUp(test):
+    setupstack.setUpDirectory(test)
+    getpwname = setupstack.context_manager(test, mock.patch('pwd.getpwnam'))
+    getpwname.return_value = O(pw_gid=5, pw_uid=99)
+    setupstack.context_manager(test, mock.patch('os.geteuid')).return_value = 0
+    setupstack.context_manager(test, mock.patch('grp.getgrall'))
+    setupstack.context_manager(test, mock.patch('os.setgroups'))
+    setupstack.context_manager(test, mock.patch('os.setuid'))
+    setupstack.context_manager(test, mock.patch('os.setgid'))
+
+def test_suite():
+    return doctest.DocTestSuite(setUp=setUp, tearDown=setupstack.tearDown)
+

Modified: zdaemon/trunk/src/zdaemon/zdctl.py
===================================================================
--- zdaemon/trunk/src/zdaemon/zdctl.py	2012-06-07 20:34:56 UTC (rev 126680)
+++ zdaemon/trunk/src/zdaemon/zdctl.py	2012-06-07 20:52:43 UTC (rev 126681)
@@ -183,6 +183,7 @@
         if uid != 0 and uid != self.options.uid:
             self.options.usage("only root can use -u USER to change users")
         os.setgid(self.options.gid)
+        os.setgroups(self.options.groups)
         os.setuid(self.options.uid)
 
     def emptyline(self):

Modified: zdaemon/trunk/src/zdaemon/zdoptions.py
===================================================================
--- zdaemon/trunk/src/zdaemon/zdoptions.py	2012-06-07 20:34:56 UTC (rev 126680)
+++ zdaemon/trunk/src/zdaemon/zdoptions.py	2012-06-07 20:52:43 UTC (rev 126681)
@@ -380,7 +380,7 @@
 
         # Additional checking of user option; set uid and gid
         if self.user is not None:
-            import pwd
+            import pwd, grp
             try:
                 uid = int(self.user)
             except ValueError:
@@ -388,15 +388,16 @@
                     pwrec = pwd.getpwnam(self.user)
                 except KeyError:
                     self.usage("username %r not found" % self.user)
-                uid = pwrec[2]
+                uid = pwrec.pw_uid
             else:
                 try:
                     pwrec = pwd.getpwuid(uid)
                 except KeyError:
                     self.usage("uid %r not found" % self.user)
-            gid = pwrec[3]
             self.uid = uid
-            self.gid = gid
+            self.gid = pwrec.pw_gid
+            self.groups = sorted(g.gr_gid for g in grp.getgrall()
+                                 if self.user in g.gr_mem)
 
 
 # ZConfig datatype



More information about the Zodb-checkins mailing list