Skip to content

Commit 2dc4654

Browse files
author
goncalopp
committed
add privilege drop example
1 parent 76c6073 commit 2dc4654

1 file changed

Lines changed: 25 additions & 0 deletions

File tree

examples/drop_privileges.py

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
import uinput
2+
3+
def drop_privileges(uid_name='nobody', gid_name='nogroup'):
4+
#https://stackoverflow.com/questions/2699907/dropping-root-permissions-in-python
5+
import os, pwd, grp
6+
if os.getuid() != 0:
7+
return
8+
running_uid = pwd.getpwnam(uid_name).pw_uid
9+
running_gid = grp.getgrnam(gid_name).gr_gid
10+
os.setgroups([])
11+
os.setgid(running_gid)
12+
os.setuid(running_uid)
13+
old_umask = os.umask(077)
14+
15+
16+
def main():
17+
uinput_fd= uinput.Device.create_uinput_fd()
18+
drop_privileges() #no need to be root beyond this line
19+
20+
events = (uinput.KEY_A,)
21+
with uinput.Device(events, fd=uinput_fd) as device:
22+
device.emit_click(uinput.KEY_A)
23+
24+
if __name__ == "__main__":
25+
main()

0 commit comments

Comments
 (0)