author | bnewbold <bnewbold@robocracy.org> | 2012-12-26 01:53:41 +0100 |
---|---|---|
committer | bnewbold <bnewbold@robocracy.org> | 2012-12-26 01:53:41 +0100 |
commit | abad293c23582fb5aae0c053f995db8e2b78f88b (patch) | |
tree | ad6c3bc20ee5f4c77f606db007c503129fee70be | |
parent | 8a5955f429faddf71cdce4af404f56021bcc568b (diff) | |
can't change permissions if non-root
-rwxr-xr-x | exmachina.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/exmachina.py b/exmachina.py index f99e036..f94f230 100755 --- a/exmachina.py +++ b/exmachina.py @@ -30,6 +30,9 @@ client in the same way. The init_test.sh script demonstrates this mechanism. Note that the authentication mechanism only tells the server that the client seems to be legitimate, it doesn't prevent a rapid "man in the middle" style attack on the client, which could feed back malicious information. + +Alternatively, an optional user or group can be specified and the socket file +will have it's ownership and permissions changed appropriately. """ import os @@ -345,6 +348,9 @@ def run_server(socket_path, secret_key=None, socket_group=None, if not 0 == os.geteuid(): log.warn("Expected to be running as root!") + if socket_group or socket_user: + log.error("Can't change socket permissions if non-root, exiting") + sys.exit(-1) # check if the socket was left open after a previous run, overwrite it if os.path.exists(socket_path): |
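Review bot: The added docstring sentence in the first hunk reads "will have it's ownership" (should be `its`) and says permissions are changed "appropriately" without saying what that means or that the option needs root. The second hunk makes the server exit when a user or group is given and the process is not root, so the docstring should say so, e.g. `will have its ownership and permissions changed; this requires running as root.` For a Unix socket the file's owner, group and mode are the access control, so naming the resulting mode here would help an operator; the code that sets it is not visible in this diff. The module docstring starts outside the hunk.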
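Review bot: The new guard in run_server (second hunk) exits with `sys.exit(-1)`, which the shell reports as status 255, and its message says "permissions" although the condition tests the ownership options; `log.error("socket_user/socket_group require root, exiting")` followed by `sys.exit(1)` would be easier for an init script or operator to act on. Failing closed before the socket is created is the right behaviour, since otherwise the server would presumably start with a socket whose ownership was never restricted as requested. The non-root path without these options still continues after only the warning, so a comment at the `log.warn` line stating what then protects the socket (the secret key, the process umask) would help; that code is not visible here. run_server's body starts and ends outside the hunk.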