Skip to content

Instantly share code, notes, and snippets.

@sweenzor
Created January 26, 2012 23:08
Show Gist options
  • Save sweenzor/1685717 to your computer and use it in GitHub Desktop.
Save sweenzor/1685717 to your computer and use it in GitHub Desktop.
Run python subprocess(es) as another user
#!/usr/bin/env python
import os
import subprocess
# > python subprocessdemote.py
# > sudo python subprocessdemote.py
def check_username():
"""Check who is running this script"""
print os.getuid()
print os.getgid()
def check_id():
"""Run the command 'id' in a subprocess, return the result"""
cmd = ['id']
return subprocess.check_output(cmd)
def check_id_as_user():
"""Run the command 'id' in a subprocess as user 1000,
return the result"""
cmd = ['id']
return subprocess.check_output(cmd, preexec_fn=demote(1000, 1000))
def demote(user_uid, user_gid):
"""Pass the function 'set_ids' to preexec_fn, rather than just calling
setuid and setgid. This will change the ids for that subprocess only"""
def set_ids():
os.setgid(user_gid)
os.setuid(user_uid)
return set_ids
if __name__=='__main__':
check_username()
print check_id()
print check_id_as_user()
print check_id()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment