search

google-code-export / web-shell

Automatically exported from code.google.com/p/web-shell
1 stars 1 forks source link

run as nobody #47

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. start webshell from monit or init script
2. server runs as root, bad idea!

What is the expected output?

I want webshell to run as nobody (under unix)

What version of the product are you using? On what operating system?
Webshell 0.9.6 under Linux

Please provide any additional information below.

To resolve the issue, add the following two lines in webshell.py right
beneath the import stanza:

os.setgid(65534)
os.setuid(65534)

Now webshell runs as nobody:nogroup. Note that one cannot set the uid
before the gid, that generates an OSError.

Original issue reported on code.google.com by denissu...@gmail.com on 27 May 2009 at 5:47

GoogleCodeExporter commented 9 years ago 
A cleaner version of the same code would be

if os.getuid()==0:
        os.setgid(65534)
        os.setuid(65534)

i.e. "if you are root, become nobody"

Original comment by denissu...@gmail.com on 28 May 2009 at 12:52