Skip to content

Commit

Permalink
Merge pull request #2507 from monoidic/priv
Browse files Browse the repository at this point in the history 
ENH: utils: acquire groups of intelmq user in drop_privileges
  • Loading branch information
@sebix
sebix authored Jul 9, 2024
2 parents a8b2a64 + d04e055 commit b3096ba
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
### Configuration

### Core
- `intelmq.lib.utils.drop_privileges`: When IntelMQ is called as `root` and dropping the privileges to user `intelmq`, also set the non-primary groups associated with the `intelmq` user. Makes the behaviour of running intelmqctl as `root` closer to the behaviour of `sudo -u intelmq ...` (PR#2507 by Mikk Margus Möll).

### Development

Expand Down
1 change: 1 addition & 0 deletions intelmq/lib/utils.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -692,6 +692,7 @@ def drop_privileges() -> bool:
"""
if os.geteuid() == 0:
try:
os.setgroups([group.gr_gid for group in grp.getgrall() if 'intelmq' in group.gr_mem])
os.setgid(grp.getgrnam('intelmq').gr_gid)
os.setuid(pwd.getpwnam('intelmq').pw_uid)
except (OSError, KeyError):
Expand Down

0 comments on commit b3096ba

Please sign in to comment.