How to determine what user and group a Python scri

2020-03-08 12:08发布

问题:

I have a CGI script that is getting an "IOError: [Errno 13] Permission denied" error in the stack trace in the web server's error log.

As part of debugging this problem, I'd like to add a little bit of code to the script to print the user and (especially) group that the script is running as, into the error log (presumably STDERR).

I know I can just print the values to sys.stderr, but how do I figure out what user and group the script is running as?

(I'm particularly interested in the group, so the $USER environment variable won't help; the CGI script has the setgid bit set so it should be running as group "list" instead of the web server's "www-data" - but I need code to see if that's actually happening.)

回答1:

You can use the following piece of code:

import os
print(os.getegid())


回答2:

import os, getpass
print getpass.getuser()

Consider the following script.

---- foo.py ---- 
import os, getpass
print "Env thinks the user is [%s]" % (os.getlogin());
print "Effective user is [%s]" % (getpass.getuser());

Consider running the script.

$ python ./foo.py

results in

Env thinks the user is [jds]
Effective user is [jds]

now run

$ sudo -u apache python ./foo.py

results in

Env thinks the user is [jds]
Effective user is [apache]

As you can see, you these 2 calls os.getlogin() and getpass.getuser() are not the same thing. The underlying principle is how linux/and other unix's manages the running user.

Consider

$ id -u

1000

vs the effective id of the running process.

$ sudo -u apache id -u

33

Note: this is exactly what web servers are doing when they start up. They are creating a sandbox (by forking/divorcing the psudo terminal etc), and running as another user. For an in-depth account of what is going on here: see the chapter on 'daemon processes' in the Advanced Programming in the UNIX environment book.

Another good thread on the subject.



回答3:

os.getgid() and os.getuid() can be useful. For other environment variables, look into os.getenv. For example, os.getenv('USER') on my Mac OS X returns the username. os.getenv('USERNAME') would return the username on Windows machines.