2

I have this simple python script that run as root, but will execute subprocesses as some other user:

#!/usr/bin/env python2
import subprocess
import os

def demote(user_uid):
   def result():
      os.setuid(user_uid)
   return result

cmd = "echo $USER"
proc = subprocess.Popen(cmd, preexec_fn=demote(1000), stdout=subprocess.PIPE, shell=True)
output = proc.communicate()[0]

print output

If cmd is "sleep 60" then the script spawns sleep as the user:

# ps -ef | grep sleep
dave   17812 17811  0 17:05 pts/5    00:00:00 /usr/bin/sleep 60

However, if cmd is 'echo $USER', the outout is "root". Is there someone I need to do to get the user's env if I spawn the subprocess as a nother user?

Improve this question

3 Answers 3

Reset to default
2

You don't really have a problem with subprocess here. Subprocess is getting passed the environment from your current environment, so when you "echo $USER", it's reporting the user from the current environment.

See what happens when you change the command to whoami, which actually checks your UID:

My python shell is running as root:

>>> print os.getuid()
0

But changing the command being run outputs the correct new user:

>>> cmd = "whoami"
>>> proc = subprocess.Popen(cmd, preexec_fn=demote(1000), stdout=subprocess.PIPE, shell=True)
>>> output = proc.communicate()[0]
>>> print output
voodoonofx

If you really want to modify the environment to be that user, you could pass a new dictionary to the Popen call. See the env keyword passed with help(subprocess.Popen):

  __init__(self, args, bufsize=0, executable=None, stdin=None, stdout=None, stderr=None, preexec_fn=None, close_fds=False, shell=False, cwd=None, env=None, universal_newlines=False, startupinfo=None, creationflags=0)
      Create new Popen instance.
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

change the user before running any commands, that might help:

su otheruser # this will prompt you to enter the 'otheruser' password.
Improve this answer

Comments

0

One option would be to run a full login shell ... for example

cmd = "/bin/bash -l -c 'echo $USER'"
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.