I have a CGI script that is getting an "IOError: [Errno 13] Permission denied"
error in the stack trace in the web server's error log.
As part of debugging this problem, I'd like to add a little bit of code to the script to print the user and (especially) group that the script is running as, into the error log (presumably STDERR).
I know I can just print the values to sys.stderr
, but how do I figure out what user and group the script is running as?
(I'm particularly interested in the group, so the $USER
environment variable won't help; the CGI script has the setgid bit set so it should be running as group "list" instead of the web server's "www-data" - but I need code to see if that's actually happening.)
I usually use ps -fA | grep python to see what processes are running. The CMD will show you what python scripts you have running, although it won't give you the directory of the script.
Use the command sudo . In order to run a program as a user, the system must "authenticate" that user. Obviously, root can run any program as any user, and any user can su to another user with a password. The program sudo can be configured to allow a group of users to sudo a particular command as a particular user.
import os, getpass print getpass.getuser()
Consider the following script.
---- foo.py ---- import os, getpass print "Env thinks the user is [%s]" % (os.getlogin()); print "Effective user is [%s]" % (getpass.getuser());
Consider running the script.
$ python ./foo.py
results in
Env thinks the user is [jds] Effective user is [jds]
now run
$ sudo -u apache python ./foo.py
results in
Env thinks the user is [jds] Effective user is [apache]
As you can see, you these 2 calls os.getlogin()
and getpass.getuser()
are not the same thing. The underlying principle is how linux/and other unix's manages the running user.
Consider
$ id -u
1000
vs the effective id of the running process.
$ sudo -u apache id -u
33
Note: this is exactly what web servers are doing when they start up. They are creating a sandbox (by forking/divorcing the psudo terminal etc), and running as another user. For an in-depth account of what is going on here: see the chapter on 'daemon processes' in the Advanced Programming in the UNIX environment book.
Another good thread on the subject.
You can use the following piece of code:
import os print(os.getegid())
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With