aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorbnewbold <bnewbold@robocracy.org>2012-12-26 01:53:41 +0100
committerbnewbold <bnewbold@robocracy.org>2012-12-26 01:53:41 +0100
commitabad293c23582fb5aae0c053f995db8e2b78f88b (patch)
treead6c3bc20ee5f4c77f606db007c503129fee70be
parent8a5955f429faddf71cdce4af404f56021bcc568b (diff)
downloadexmachina-abad293c23582fb5aae0c053f995db8e2b78f88b.tar.gz
exmachina-abad293c23582fb5aae0c053f995db8e2b78f88b.zip
can't change permissions if non-root
-rwxr-xr-xexmachina.py6
1 files changed, 6 insertions, 0 deletions
diff --git a/exmachina.py b/exmachina.py
index f99e036..f94f230 100755
--- a/exmachina.py
+++ b/exmachina.py
@@ -30,6 +30,9 @@ client in the same way. The init_test.sh script demonstrates this mechanism.
Note that the authentication mechanism only tells the server that the client
seems to be legitimate, it doesn't prevent a rapid "man in the middle" style
attack on the client, which could feed back malicious information.
+
+Alternatively, an optional user or group can be specified and the socket file
+will have it's ownership and permissions changed appropriately.
"""
import os
@@ -345,6 +348,9 @@ def run_server(socket_path, secret_key=None, socket_group=None,
if not 0 == os.geteuid():
log.warn("Expected to be running as root!")
+ if socket_group or socket_user:
+ log.error("Can't change socket permissions if non-root, exiting")
+ sys.exit(-1)
# check if the socket was left open after a previous run, overwrite it
if os.path.exists(socket_path):