author: Patrick McLean <47801044+patrick-mclean@users.noreply.github.com> 2019-09-12 17:15:44 (GMT)
committer: Gregory P. Smith <greg@krypto.org> 2019-09-12 17:15:44 (GMT)
commit: 2b2ead74382513d0bb9ef34504e283a71e6a706f
tree: 28a8a0f37d31dc7a674d2690085a2dcd8a629118 /Doc/library
parent: 57b7dbc46e71269d855e644d30826d33eedee2a1
bpo-36046: Add user and group parameters to subprocess (GH-11950)
* subprocess: Add user, group and extra_groups parameters to subprocess.Popen

This adds a `user` parameter to the Popen constructor that will call setreuid() in the child before calling exec(). This allows processes running as root to safely drop privileges before running the subprocess without having to use a preexec_fn.

This also adds a `group` parameter that will call setregid() in the child process before calling exec().

Finally an `extra_groups` parameter was added that will call setgroups() to set the supplemental groups.
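An added example (not part of this commit or of CPython's documentation) showing a complete privilege drop with the three parameters described in the commit message, and a way to check which identity the child actually received. It assumes Python 3.9+ on POSIX; the helper names and the `nobody` account are assumptions.

```python
import json
import os
import pwd
import subprocess
import sys

# Child snippet: report the identity the kernel actually gave the new process.
_REPORT = (
    "import json, os; print(json.dumps({"
    "'ruid': os.getuid(), 'euid': os.geteuid(), "
    "'rgid': os.getgid(), 'egid': os.getegid(), "
    "'groups': sorted(os.getgroups())}))"
)


def full_drop_kwargs(username):
    """Resolve uid, primary gid and supplementary gids for one account.

    Passing all three avoids a child that has the target uid but still
    carries the parent's gid and supplementary groups.
    """
    pw = pwd.getpwnam(username)  # raises KeyError for an unknown account
    return {
        "user": pw.pw_uid,
        "group": pw.pw_gid,
        "extra_groups": os.getgrouplist(pw.pw_name, pw.pw_gid),
    }


def child_identity(**popen_kwargs):
    """Run a Python child with the given user/group/extra_groups; return its ids."""
    done = subprocess.run(
        [sys.executable, "-c", _REPORT],
        check=True, capture_output=True, text=True, cwd="/", **popen_kwargs,
    )
    return json.loads(done.stdout)


if __name__ == "__main__":
    if os.geteuid() == 0:
        target = "nobody"  # assumed unprivileged account; adjust per system
        print("user only :", child_identity(user=target))
        print("full drop :", child_identity(**full_drop_kwargs(target)))
    else:
        # Without root only a no-op switch to our own ids is permitted.
        print(child_identity(user=os.getuid(), group=os.getgid()))
```

Run as root, the two printed lines differ in `rgid`, `egid` and `groups`: the first child has only its UID changed.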
Diffstat (limited to 'Doc/library')
-rw-r--r-- Doc/library/subprocess.rst 32
1 files changed, 30 insertions, 2 deletions
diff --git a/Doc/library/subprocess.rst b/Doc/library/subprocess.rst
index 954e0fe..1a98bb3 100644
--- a/Doc/library/subprocess.rst
+++ b/Doc/library/subprocess.rst
@@ -339,8 +339,9 @@ functions.
stderr=None, preexec_fn=None, close_fds=True, shell=False, \
cwd=None, env=None, universal_newlines=None, \
startupinfo=None, creationflags=0, restore_signals=True, \
- start_new_session=False, pass_fds=(), *, \
- encoding=None, errors=None, text=None)
+ start_new_session=False, pass_fds=(), *, group=None, \
+ extra_groups=None, user=None, encoding=None, errors=None, \
+ text=None)
Execute a child program in a new process. On POSIX, the class uses
:meth:`os.execvp`-like behavior to execute the child program. On Windows,
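Review bot: the new keyword-only parameters are listed in the signature as group, extra_groups, user, while the commit message introduces them as user, group and extra_groups. Because they sit after the `*` the order has no effect on callers, so this is a style point only: pick one order and use it in the signature, the descriptive paragraphs and the commit message so readers searching for one find the other two next to it.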
@@ -544,6 +545,33 @@ functions.
.. versionchanged:: 3.2
*start_new_session* was added.
+ If *group* is not ``None``, the setregid() system call will be made in the
+ child process prior to the execution of the subprocess. If the provided
+ value is a string, it will be looked up via :func:`grp.getgrnam()` and
+ the value in ``gr_gid`` will be used. If the value is an integer, it
+ will be passed verbatim. (POSIX only)
+
+ .. availability:: POSIX
+ .. versionadded:: 3.9
+
+ If *extra_groups* is not ``None``, the setgroups() system call will be
+ made in the child process prior to the execution of the subprocess.
+ Strings provided in *extra_groups* will be looked up via
+ :func:`grp.getgrnam()` and the values in ``gr_gid`` will be used.
+ Integer values will be passed verbatim. (POSIX only)
+
+ .. availability:: POSIX
+ .. versionadded:: 3.9
+
+ If *user* is not ``None``, the setreuid() system call will be made in the
+ child process prior to the execution of the subprocess. If the provided
+ value is a string, it will be looked up via :func:`pwd.getpwnam()` and
+ the value in ``pw_uid`` will be used. If the value is an integer, it will
+ be passed verbatim. (POSIX only)
+
+ .. availability:: POSIX
+ .. versionadded:: 3.9
+
If *env* is not ``None``, it must be a mapping that defines the environment
variables for the new process; these are used instead of the default
behavior of inheriting the current process' environment.
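Review bot: the *user* paragraph should state that passing *user* alone changes only the UID, so the child keeps the parent's GID and supplementary groups unless *group* and *extra_groups* are passed as well; the commit message presents these parameters as the way for a root process to drop privileges safely, and a reader following only this text can end up with a partial drop. The three paragraphs also do not say in which order setgroups(), setregid() and setreuid() are issued in the child, or what the caller sees when a name lookup through grp.getgrnam() or pwd.getpwnam() fails or the system call is not permitted. Smaller points: "(POSIX only)" at the end of each paragraph duplicates the `.. availability:: POSIX` directive that follows it, and the `:func:` references are normally written without the trailing parentheses because the role adds them.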