[python-daemon-Bugs][315239] 2.1 requires root permissions

python-daemon-bugs at alioth.debian.org python-daemon-bugs at alioth.debian.org
Fri Dec 11 23:48:36 UTC 2015 

python-daemon-Bugs item #315239 was changed at 2015-12-12 10:48 by Ben Finney
You can respond by visiting: 
https://alioth.debian.org/tracker/?func=detail&atid=413098&aid=315239&group_id=100328

Status: Open
Priority: 3
Submitted By: Adrian M (thiefmaster-guest)
>Assigned to: Ben Finney (bignose-guest)
Summary: 2.1 requires root permissions 


Initial Comment:
The use of ‘os.initgroups’ fails on Linux when the calling process does not have the ‘CAP_SETGID’ process capability.

Typically, this fails when running without root privileges (which is a perfectly valid use case), raising a PermissionError exception.


----------------------------------------------------------------------

>Comment By: Ben Finney (bignose-guest)
Date: 2015-12-12 10:48

Message:
> Since version 2.1, python-daemon always tries to setuid+setgid even if no uid change is necessary.

That has been the case since the beginning; opening the daemon context unilaterally seeks to set the process owner GID and UID).

> This kind of breaking change

So, it isn't a change that the process owner is unconditionally set.

What is new is:

> this happens only with `initgroups=True` which didn't exist before.

which is new in version 2.1.


----------------------------------------------------------------------

Comment By: Justin Patrin (papercrane-guest)
Date: 2015-12-12 08:44

Message:
I've pushed a fix for this which checks the uid and euid before trying to change the uid and checks the gid and egid before trying to change the gid.
https://code.launchpad.net/~reversefold/python-daemon/trunk

----------------------------------------------------------------------

Comment By: Justin Patrin (papercrane-guest)
Date: 2015-12-11 12:39

Message:
+1, also seeing this issue

----------------------------------------------------------------------

Comment By: Adrian M (thiefmaster-guest)
Date: 2015-11-29 01:29

Message:
After having a closer look: this happens only with `initgroups=True` which didn't exist before. Maybe it would be better to make it default to `False`?

----------------------------------------------------------------------

You can respond by visiting: 
https://alioth.debian.org/tracker/?func=detail&atid=413098&aid=315239&group_id=100328

More information about the python-daemon-bugs mailing list