I have a CGI script that is getting an "IOError: [Errno 13] Permission denied"
error in the stack trace in the web server's error log.
As part of debugging this problem, I'd like to add a little bit of code to the script to print the user and (especially) group that the script is running as, into the error log (presumably STDERR).
I know I can just print the values to sys.stderr
, but how do I figure out what user and group the script is running as?
(I'm particularly interested in the group, so the $USER
environment variable won't help; the CGI script has the setgid bit set so it should be running as group "list" instead of the web server's "www-data" - but I need code to see if that's actually happening.)
You can use the following piece of code:
import os
print(os.getegid())
import os, getpass
print getpass.getuser()
Consider the following script.
---- foo.py ----
import os, getpass
print "Env thinks the user is [%s]" % (os.getlogin());
print "Effective user is [%s]" % (getpass.getuser());
Consider running the script.
$ python ./foo.py
results in
Env thinks the user is [jds]
Effective user is [jds]
now run
$ sudo -u apache python ./foo.py
results in
Env thinks the user is [jds]
Effective user is [apache]
As you can see, you these 2 calls os.getlogin()
and getpass.getuser()
are not the same thing.
The underlying principle is how linux/and other unix's manages the running user.
Consider
$ id -u
1000
vs the effective id of the running process.
$ sudo -u apache id -u
33
Note: this is exactly what web servers are doing when they start up. They are creating a sandbox (by forking/divorcing the psudo terminal etc),
and running as another user. For an in-depth account of what is going on here: see the chapter on 'daemon processes' in the Advanced Programming in the UNIX environment book.
Another good thread on the subject.
os.getgid()
and os.getuid()
can be useful. For other environment variables, look into os.getenv
. For example, os.getenv('USER')
on my Mac OS X returns the username. os.getenv('USERNAME')
would return the username on Windows machines.