Commit 122f0a4f authored by Samuel GAIST

[scripts][loop_execute] Implement user adaptation as done in execute

This allows the data to be generated with the correct user id
when one is provided in the configuration and it doesn't match
the current user running the container.
parent 611af973
...@@ -61,6 +61,8 @@ import logging ...@@ -61,6 +61,8 @@ import logging
import os import os
import sys import sys
import docopt import docopt
import simplejson as json
import subprocess # nosec
import zmq import zmq
...@@ -137,12 +139,50 @@ def main(arguments=None): ...@@ -137,12 +139,50 @@ def main(arguments=None):
# If necessary, change to another user (with less privileges, but has access # If necessary, change to another user (with less privileges, but has access
# to the databases) # to the databases)
try:
# Check the dir # Check the dir
if not os.path.exists(args["<dir>"]): if not os.path.exists(args["<dir>"]):
raise IOError("Running directory `%s' not found" % args["<dir>"]) raise IOError("Running directory `%s' not found" % args["<dir>"])
# Load the configuration
with open(os.path.join(args["<dir>"], "configuration.json"), "r") as f:
cfg = json.load(f)
user_id = cfg["uid"]
# Create a new user with less privileges (if necessary)
if os.getuid() != user_id:
retcode = subprocess.call( # nosec
[
"adduser",
"--uid",
str(user_id),
"--no-create-home",
"--disabled-password",
"--disabled-login",
"--gecos",
'""',
"-q",
"beat-nobody",
]
)
if retcode != 0:
msg = "Failed to create a user with the UID {}".format(user_id)
message_handler.send_error(msg, "sys")
message_handler.destroy()
return 1
# Change to the user with less privileges
try:
os.setgid(user_id)
os.setuid(user_id)
except Exception as e:
msg = "Failed to change to user id {}: {}".format(cfg["uid"], e)
message_handler.send_error(msg, "sys")
message_handler.destroy()
return 1
try:
# Sets up the execution # Sets up the execution
try: try:
loop_executor = LoopExecutor( loop_executor = LoopExecutor(
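Review bot: The privilege drop at `os.setgid(user_id)` / `os.setuid(user_id)` never clears the supplementary groups, so a process started as root would keep root's group memberships after the switch; call `os.setgroups([])` before `os.setgid(...)`. The same two lines pass the UID as the GID, which holds only if `adduser` gave beat-nobody a primary group with that same number; `os.setgid(pwd.getpwuid(user_id).pw_gid)` (with `import pwd`) would not depend on that. Separately, `user_id = cfg["uid"]` is unconditional although the commit message describes the id as optional, so a configuration without `uid` raises KeyError and appears to bypass the `send_error`/`destroy` path used for the other failures; `user_id = cfg.get("uid")` with the block guarded by `if user_id is not None and os.getuid() != user_id:` would match the description. `main` starts before and continues past this hunk, so the surrounding error handling is not visible here.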
......