From 68d97e2beca1ee3b398fc5f0d3ed70aa8b69e732 Mon Sep 17 00:00:00 2001 From: David Kupka Date: Tue, 11 Apr 2017 17:35:30 +0200 Subject: [PATCH] ipapython.ipautil.run: Add option to set umask before executing command https://pagure.io/freeipa/issue/6831 Reviewed-By: Stanislav Laznicka Reviewed-By: Martin Babinsky --- ipapython/ipautil.py | 43 +++++++++++++++++++++++-------------------- 1 file changed, 23 insertions(+), 20 deletions(-) diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index cd66328e6c9a0f69e6f83582a9d288ac239c5be3..317fc225b722ad3ce2f4b9d92822b4f19d49adb9 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -309,7 +309,7 @@ class _RunResult(collections.namedtuple('_RunResult', def run(args, stdin=None, raiseonerr=True, nolog=(), env=None, capture_output=False, skip_output=False, cwd=None, runas=None, suplementary_groups=[], - capture_error=False, encoding=None, redirect_output=False): + capture_error=False, encoding=None, redirect_output=False, umask=None): """ Execute an external command. @@ -345,6 +345,7 @@ def run(args, stdin=None, raiseonerr=True, nolog=(), env=None, error_output, and (if it's not bytes) stdin. If None, the current encoding according to locale is used. :param redirect_output: Redirect (error) output to standard (error) output. + :param umask: Set file-creation mask before running the command. :return: An object with these attributes: 
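Review bot: The new `:param umask:` line in the `run` docstring does not say what form the value takes or where it is applied. The mask is set only in the child process (via `preexec_fn` in the later hunk), and an integer such as `0o077` is expected. I would word it as `:param umask: File-creation mask (int, e.g. 0o077) set in the child process before the command is executed; None keeps the inherited mask.` That makes it clear to callers that the parent's own umask is not changed.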
@@ -416,25 +417,27 @@ def run(args, stdin=None, raiseonerr=True, nolog=(), env=None, root_logger.debug('Starting external process') root_logger.debug('args=%s' % arg_string) - preexec_fn = None - if runas is not None: - pent = pwd.getpwnam(runas) - - suplementary_gids = [ - grp.getgrnam(group).gr_gid for group in suplementary_groups - ] - - root_logger.debug('runas=%s (UID %d, GID %s)', runas, - pent.pw_uid, pent.pw_gid) - if suplementary_groups: - for group, gid in zip(suplementary_groups, suplementary_gids): - root_logger.debug('suplementary_group=%s (GID %d)', group, gid) - - preexec_fn = lambda: ( - os.setgroups(suplementary_gids), - os.setregid(pent.pw_gid, pent.pw_gid), - os.setreuid(pent.pw_uid, pent.pw_uid), - ) + def preexec_fn(): + if runas is not None: + pent = pwd.getpwnam(runas) + + suplementary_gids = [ + grp.getgrnam(group).gr_gid for group in suplementary_groups + ] + + root_logger.debug('runas=%s (UID %d, GID %s)', runas, + pent.pw_uid, pent.pw_gid) + if suplementary_groups: + for group, gid in zip(suplementary_groups, suplementary_gids): + root_logger.debug('suplementary_group=%s (GID %d)', + group, gid) + + os.setgroups(suplementary_gids) + os.setregid(pent.pw_gid, pent.pw_gid) + os.setreuid(pent.pw_uid, pent.pw_uid) + + if umask: + os.umask(umask) try: p = subprocess.Popen(args, stdin=p_in, stdout=p_out, stderr=p_err, -- 2.9.4
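Review bot: `if umask:` at the end of the new `preexec_fn` treats `umask=0` as "not set", so a caller asking for mask 0 silently keeps the inherited one; the test should be `if umask is not None:`. The rewrite also moves `pwd.getpwnam`, `grp.getgrnam` and the `root_logger.debug` calls into `preexec_fn`, which runs in the forked child before exec. An unknown user or group then fails inside the child instead of raising `KeyError` directly in the caller (Python 3's subprocess reports it only as a generic preexec_fn error), and logging after fork can block on a lock another thread held at fork time. Resolving the names and logging in the parent, and leaving only the set*id and umask calls in the child, keeps failures of the privilege drop visible to the caller. `run` begins and ends outside this hunk.

```python
    pent = None
    suplementary_gids = []
    if runas is not None:
        # resolve names in the parent so a bad user/group raises KeyError here
        pent = pwd.getpwnam(runas)
        suplementary_gids = [
            grp.getgrnam(group).gr_gid for group in suplementary_groups
        ]
        # … unchanged: runas / suplementary_group debug logging …

    def preexec_fn():
        # child side, between fork and exec: only credential and mask calls
        if pent is not None:
            os.setgroups(suplementary_gids)
            os.setregid(pent.pw_gid, pent.pw_gid)
            os.setreuid(pent.pw_uid, pent.pw_uid)

        if umask is not None:
            os.umask(umask)
```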