diff options
| author | Zac Medico <zmedico@gentoo.org> | 2006-03-13 19:59:23 +0000 |
|---|---|---|
| committer | Zac Medico <zmedico@gentoo.org> | 2006-03-13 19:59:23 +0000 |
| commit | d411903f6a6dbaf1d6039aaaf24fdfb9e1f186cf (patch) | |
| tree | dfc4fff227dc9cd8e67aa4dc76e45fef68f46e50 /pym/portage_data.py | |
| parent | 8def617693177f94db02d9d7211ebaec68bb8e9c (diff) | |
| download | portage-d411903f6a6dbaf1d6039aaaf24fdfb9e1f186cf.tar.gz portage-d411903f6a6dbaf1d6039aaaf24fdfb9e1f186cf.tar.bz2 portage-d411903f6a6dbaf1d6039aaaf24fdfb9e1f186cf.zip | |
Document portage_data.secpass and give secpass=0 to users that are not in the "portage" group.
svn path=/main/trunk/; revision=2866
Diffstat (limited to 'pym/portage_data.py')
| -rw-r--r-- | pym/portage_data.py | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/pym/portage_data.py b/pym/portage_data.py index 00148f907..3739e6c59 100644 --- a/pym/portage_data.py +++ b/pym/portage_data.py @@ -38,7 +38,17 @@ if not lchown: os.environ["USERLAND"]=userland -#Secpass will be set to 1 if the user is root or in the portage group. +# Portage has 3 security levels that depend on the uid and gid of the main +# process and are assigned according to the following table: +# +# Privileges secpass uid gid +# normal 0 any any +# group 1 any portage_gid +# super 2 0 any +# +# If the "wheel" group does not exist then wheelgid falls back to 0. +# If the "portage" group does not exist then portage_uid falls back to wheelgid. + secpass=0 uid=os.getuid() @@ -60,7 +70,7 @@ except KeyError: try: portage_uid=pwd.getpwnam("portage")[2] portage_gid=grp.getgrnam("portage")[2] - if (secpass==0): + if secpass < 1 and portage_gid in os.getgroups(): secpass=1 except KeyError: portage_uid=0 |