Commit 122f0a4f authored by Samuel GAIST's avatar Samuel GAIST
Browse files

[scripts][loop_execute] Implement user adaptation as done in execute

This allows to have the data generated with the correct user id
if provided in the configuration and doesn't match the current
user running the container.
parent 611af973
......@@ -61,6 +61,8 @@ import logging
import os
import sys
import docopt
import simplejson as json
import subprocess # nosec
import zmq
......@@ -137,12 +139,50 @@ def main(arguments=None):
# If necessary, change to another user (with less privileges, but has access
# to the databases)
try:
# Check the dir
if not os.path.exists(args["<dir>"]):
raise IOError("Running directory `%s' not found" % args["<dir>"])
# Load the configuration
with open(os.path.join(args["<dir>"], "configuration.json"), "r") as f:
cfg = json.load(f)
user_id = cfg["uid"]
# Create a new user with less privileges (if necessary)
if os.getuid() != user_id:
retcode = subprocess.call( # nosec
[
"adduser",
"--uid",
str(user_id),
"--no-create-home",
"--disabled-password",
"--disabled-login",
"--gecos",
'""',
"-q",
"beat-nobody",
]
)
if retcode != 0:
msg = "Failed to create a user with the UID {}".format(user_id)
message_handler.send_error(msg, "sys")
message_handler.destroy()
return 1
# Change to the user with less privileges
try:
os.setgid(user_id)
os.setuid(user_id)
except Exception as e:
msg = "Failed to change to user id {}: {}".format(cfg["uid"], e)
message_handler.send_error(msg, "sys")
message_handler.destroy()
return 1
try:
# Sets up the execution
try:
loop_executor = LoopExecutor(
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment