我们从Python开源项目中,提取了以下50个代码示例,用于说明如何使用os.getgroups()。
def check_access(filename, write_required=True): """ Checks if user has read and optionaly write access to specified file. Uses acl first and possix file permisions if acl cannot be used. Returns true only if user has both required access rights. """ if HAVE_POSIX1E: for pset in posix1e.ACL(file=filename): if pset.tag_type == posix1e.ACL_USER and pset.qualifier == os.geteuid(): if pset.permset.test(posix1e.ACL_READ) and (not write_required or pset.permset.test(posix1e.ACL_WRITE)): return True if pset.tag_type == posix1e.ACL_GROUP and pset.qualifier in os.getgroups(): if pset.permset.test(posix1e.ACL_READ) and (not write_required or pset.permset.test(posix1e.ACL_WRITE)): return True if write_required: return os.access(filename, os.R_OK | os.W_OK) return os.access(filename, os.R_OK)
def effectivelyReadable(self): uid = os.getuid() euid = os.geteuid() gid = os.getgid() egid = os.getegid() # This is probably true most of the time, so just let os.access() # handle it. Avoids potential bugs in the rest of this function. if uid == euid and gid == egid: return os.access(self.name, os.R_OK) st = os.stat(self.name) # This may be wrong depending on the semantics of your OS. # i.e. if the file is -------r--, does the owner have access or not? if st.st_uid == euid: return st.st_mode & stat.S_IRUSR != 0 # See comment for UID check above. groups = os.getgroups() if st.st_gid == egid or st.st_gid in groups: return st.st_mode & stat.S_IRGRP != 0 return st.st_mode & stat.S_IROTH != 0
def testNoArgFunctions(self): # test posix functions which take no arguments and have # no side-effects which we need to cleanup (e.g., fork, wait, abort) NO_ARG_FUNCTIONS = [ "ctermid", "getcwd", "getcwdu", "uname", "times", "getloadavg", "tmpnam", "getegid", "geteuid", "getgid", "getgroups", "getpid", "getpgrp", "getppid", "getuid", ] with warnings.catch_warnings(): warnings.filterwarnings("ignore", "", DeprecationWarning) for name in NO_ARG_FUNCTIONS: posix_func = getattr(posix, name, None) if posix_func is not None: posix_func() self.assertRaises(TypeError, posix_func, 1)
def test_getgroups(self): with os.popen('id -G 2>/dev/null') as idg: groups = idg.read().strip() ret = idg.close() if ret != None or not groups: raise unittest.SkipTest("need working 'id -G'") # Issues 16698: OS X ABIs prior to 10.6 have limits on getgroups() if sys.platform == 'darwin': import sysconfig dt = sysconfig.get_config_var('MACOSX_DEPLOYMENT_TARGET') or '10.0' if tuple(int(n) for n in dt.split('.')[0:2]) < (10, 6): raise unittest.SkipTest("getgroups(2) is broken prior to 10.6") # 'id -G' and 'os.getgroups()' should return the same # groups, ignoring order and duplicates. # #10822 - it is implementation defined whether posix.getgroups() # includes the effective gid so we include it anyway, since id -G does self.assertEqual( set([int(x) for x in groups.split()]), set(posix.getgroups() + [posix.getegid()]))
def getDebug(self): return { "environment": self.req.env, "client": self.req.client.__dict__, "database": self.db.get_debug(), "system": { "uname": os.uname() }, "process": { "cwd": os.getcwdu(), "pid": os.getpid(), "ppid": os.getppid(), "pgrp": os.getpgrp(), "uid": os.getuid(), "gid": os.getgid(), "euid": os.geteuid(), "egid": os.getegid(), "groups": os.getgroups() } }
def get_current_users_and_groups(displayer=None): ruid, euid, suid = getresuid() rgid, egid, sgid = getresgid() supplementary_groups = os.getgroups() _supplementary_groups = [] for _id in supplementary_groups: _name = get_name_by_gid(_id) _supplementary_groups.append({'name': _name, 'id': _id}) return { 'users': { 'real user': {'name': get_name_by_uid(ruid), 'id': ruid}, 'effective user': {'name': get_name_by_uid(euid), 'id': euid}, 'saved user': {'name': get_name_by_uid(suid), 'id': suid},}, 'groups': { 'real group': {'name': get_name_by_gid(rgid), 'id': rgid}, 'effective group': {'name': get_name_by_gid(rgid), 'id': rgid}, 'saved group': {'name': get_name_by_gid(rgid), 'id': rgid},}, 'supplementary_groups': _supplementary_groups, }
def test_getgroups(self): with os.popen('id -G') as idg: groups = idg.read().strip() ret = idg.close() if ret is not None or not groups: raise unittest.SkipTest("need working 'id -G'") # Issues 16698: OS X ABIs prior to 10.6 have limits on getgroups() if sys.platform == 'darwin': import sysconfig dt = sysconfig.get_config_var('MACOSX_DEPLOYMENT_TARGET') or '10.0' if float(dt) < 10.6: raise unittest.SkipTest("getgroups(2) is broken prior to 10.6") # 'id -G' and 'os.getgroups()' should return the same # groups, ignoring order and duplicates. # #10822 - it is implementation defined whether posix.getgroups() # includes the effective gid so we include it anyway, since id -G does self.assertEqual( set([int(x) for x in groups.split()]), set(posix.getgroups() + [posix.getegid()])) # tests for the posix *at functions follow
def test_getgroups(self): with os.popen('id -G 2>/dev/null') as idg: groups = idg.read().strip() ret = idg.close() if ret is not None or not groups: raise unittest.SkipTest("need working 'id -G'") # Issues 16698: OS X ABIs prior to 10.6 have limits on getgroups() if sys.platform == 'darwin': import sysconfig dt = sysconfig.get_config_var('MACOSX_DEPLOYMENT_TARGET') or '10.0' if tuple(int(n) for n in dt.split('.')[0:2]) < (10, 6): raise unittest.SkipTest("getgroups(2) is broken prior to 10.6") # 'id -G' and 'os.getgroups()' should return the same # groups, ignoring order and duplicates. # #10822 - it is implementation defined whether posix.getgroups() # includes the effective gid so we include it anyway, since id -G does self.assertEqual( set([int(x) for x in groups.split()]), set(posix.getgroups() + [posix.getegid()])) # tests for the posix *at functions follow
def test_getgroups(self): with os.popen('id -G') as idg: groups = idg.read().strip() ret = idg.close() if ret != None or not groups: raise unittest.SkipTest("need working 'id -G'") # Issues 16698: OS X ABIs prior to 10.6 have limits on getgroups() if sys.platform == 'darwin': import sysconfig dt = sysconfig.get_config_var('MACOSX_DEPLOYMENT_TARGET') or '10.0' if float(dt) < 10.6: raise unittest.SkipTest("getgroups(2) is broken prior to 10.6") # 'id -G' and 'os.getgroups()' should return the same # groups, ignoring order and duplicates. # #10822 - it is implementation defined whether posix.getgroups() # includes the effective gid so we include it anyway, since id -G does self.assertEqual( set([int(x) for x in groups.split()]), set(posix.getgroups() + [posix.getegid()]))
def is_file_readable(filepath): """ Check if the file given is readable to the user we are currently running at """ uid = os.getuid() euid = os.geteuid() gid = os.getgid() egid = os.getegid() # This is probably true most of the time, so just let os.access() # handle it. Avoids potential bugs in the rest of this function. if uid == euid and gid == egid: return os.access(filepath, os.R_OK) st = os.stat(filepath) if st.st_uid == euid: return st.st_mode & stat.S_IRUSR != 0 groups = os.getgroups() if st.st_gid == egid or st.st_gid in groups: return st.st_mode & stat.S_IRGRP != 0 return st.st_mode & stat.S_IROTH != 0
def initgroups(uid, primaryGid): """Initializes the group access list. This is done by reading the group database /etc/group and using all groups of which C{uid} is a member. The additional group C{primaryGid} is also added to the list. If the given user is a member of more than C{NGROUPS}, arbitrary groups will be silently discarded to bring the number below that limit. """ try: # Try to get the maximum number of groups max_groups = os.sysconf("SC_NGROUPS_MAX") except: # No predefined limit max_groups = 0 username = pwd.getpwuid(uid)[0] l = [] if primaryGid is not None: l.append(primaryGid) for groupname, password, gid, userlist in grp.getgrall(): if username in userlist: l.append(gid) if len(l) == max_groups: break # No more groups, ignore any more try: _setgroups_until_success(l) except OSError, e: # We might be able to remove this code now that we # don't try to setgid/setuid even when not asked to. if e.errno == errno.EPERM: for g in getgroups(): if g not in l: raise else: raise
def _runAsUser(self, f, *args, **kw): euid = os.geteuid() egid = os.getegid() groups = os.getgroups() uid, gid = self.getUserGroupId() os.setegid(0) os.seteuid(0) os.setgroups(self.getOtherGroups()) os.setegid(gid) os.seteuid(uid) try: f = iter(f) except TypeError: f = [(f, args, kw)] try: for i in f: func = i[0] args = len(i)>1 and i[1] or () kw = len(i)>2 and i[2] or {} r = func(*args, **kw) finally: os.setegid(0) os.seteuid(0) os.setgroups(groups) os.setegid(egid) os.seteuid(euid) return r
def show_user_info(): print('User (actual/effective) : {} / {}'.format( os.getuid(), os.geteuid())) print('Group (actual/effective) : {} / {}'.format( os.getgid(), os.getegid())) print('Actual Groups :', os.getgroups())
def testNoArgFunctions(self): # test posix functions which take no arguments and have # no side-effects which we need to cleanup (e.g., fork, wait, abort) NO_ARG_FUNCTIONS = [ "ctermid", "getcwd", "getcwdb", "uname", "times", "getloadavg", "getegid", "geteuid", "getgid", "getgroups", "getpid", "getpgrp", "getppid", "getuid", ] for name in NO_ARG_FUNCTIONS: posix_func = getattr(posix, name, None) if posix_func is not None: posix_func() self.assertRaises(TypeError, posix_func, 1)
def test_getgroups(self): with os.popen('id -G') as idg: groups = idg.read().strip() if not groups: raise unittest.SkipTest("need working 'id -G'") # 'id -G' and 'os.getgroups()' should return the same # groups, ignoring order and duplicates. # #10822 - it is implementation defined whether posix.getgroups() # includes the effective gid so we include it anyway, since id -G does self.assertEqual( set([int(x) for x in groups.split()]), set(posix.getgroups() + [posix.getegid()]))
def setUp(self): if posix.getuid() != 0: raise unittest.SkipTest("not enough privileges") if not hasattr(posix, 'getgroups'): raise unittest.SkipTest("need posix.getgroups") if sys.platform == 'darwin': raise unittest.SkipTest("getgroups(2) is broken on OSX") self.saved_groups = posix.getgroups()
def test_initgroups(self): # find missing group g = max(self.saved_groups) + 1 name = pwd.getpwuid(posix.getuid()).pw_name posix.initgroups(name, g) self.assertIn(g, posix.getgroups())
def test_setgroups(self): for groups in [[0], list(range(16))]: posix.setgroups(groups) self.assertListEqual(groups, posix.getgroups())
def is_writable(path): # Ensure that it exists. if not os.path.exists(path): return False # If we're on a posix system, check its permissions. if hasattr(os, 'getuid'): statdata = os.stat(path) perm = stat.S_IMODE(statdata.st_mode) # is it world-writable? if (perm & 0o002): return True # do we own it? elif statdata.st_uid == os.getuid() and (perm & 0o200): return True # are we in a group that can write to it? elif (statdata.st_gid in [os.getgid()] + os.getgroups()) \ and (perm & 0o020): return True # otherwise, we can't write to it. else: return False # Otherwise, we'll assume it's writable. # [xx] should we do other checks on other platforms? return True ###################################################################### # NLTK Error reporting ######################################################################
def test_initgroups(self): # find missing group g = max(self.saved_groups or [0]) + 1 name = pwd.getpwuid(posix.getuid()).pw_name posix.initgroups(name, g) self.assertIn(g, posix.getgroups())
def groupcheck(unprivGid, tgtGid): "verify that the user running mock is part of the correct group" # verify that we're in the correct group (so all our uid/gid manipulations work) inmockgrp = False members = [] for gid in os.getgroups() + [unprivGid]: name = grp.getgrgid(gid).gr_name if gid == tgtGid: inmockgrp = True break members.append(name) if not inmockgrp: name = grp.getgrgid(tgtGid).gr_name raise RuntimeError("Must be member of '%s' group to run mock! (%s)" % (name, ", ".join(members)))
def testNoArgFunctions(self): # test posix functions which take no arguments and have # no side-effects which we need to cleanup (e.g., fork, wait, abort) NO_ARG_FUNCTIONS = [ "ctermid", "getcwd", "getcwdb", "uname", "times", "getloadavg", "getegid", "geteuid", "getgid", "getgroups", "getpid", "getpgrp", "getppid", "getuid", "sync", ] for name in NO_ARG_FUNCTIONS: posix_func = getattr(posix, name, None) if posix_func is not None: posix_func() self.assertRaises(TypeError, posix_func, 1)
def get_os_internals(): # noqa: D103 os_internals = [] if hasattr(os, 'getcwd'): os_internals.append(("Current Working Directory", os.getcwd())) if hasattr(os, 'getegid'): os_internals.append(("Effective Group ID", os.getegid())) if hasattr(os, 'geteuid'): os_internals.append(("Effective User ID", os.geteuid())) if hasattr(os, 'getgid'): os_internals.append(("Group ID", os.getgid())) if hasattr(os, 'getuid'): os_internals.append(("User ID", os.getuid())) if hasattr(os, 'getgroups'): os_internals.append(("Group Membership", ', '.join(map(str, os.getgroups())))) if hasattr(os, 'linesep'): os_internals.append(("Line Seperator", repr(os.linesep)[1:-1])) if hasattr(os, 'pathsep'): os_internals.append(("Path Seperator", os.pathsep)) if hasattr(os, 'getloadavg'): os_internals.append(("Load Avarage", ', '.join( map(lambda x: str(round(x, 2)), os.getloadavg())))) return os_internals
def is_executable_file(path): """Checks that path is an executable regular file (or a symlink to a file). This is roughly ``os.path isfile(path) and os.access(path, os.X_OK)``, but on some platforms :func:`os.access` gives us the wrong answer, so this checks permission bits directly. """ # follow symlinks, fpath = os.path.realpath(path) # return False for non-files (directories, fifo, etc.) if not os.path.isfile(fpath): return False # On Solaris, etc., "If the process has appropriate privileges, an # implementation may indicate success for X_OK even if none of the # execute file permission bits are set." # # For this reason, it is necessary to explicitly check st_mode # get file mode using os.stat, and check if `other', # that is anybody, may read and execute. mode = os.stat(fpath).st_mode if mode & stat.S_IROTH and mode & stat.S_IXOTH: return True # get current user's group ids, and check if `group', # when matching ours, may read and execute. user_gids = os.getgroups() + [os.getgid()] if (os.stat(fpath).st_gid in user_gids and mode & stat.S_IRGRP and mode & stat.S_IXGRP): return True # finally, if file owner matches our effective userid, # check if `user', may read and execute. user_gids = os.getgroups() + [os.getgid()] if (os.stat(fpath).st_uid == os.geteuid() and mode & stat.S_IRUSR and mode & stat.S_IXUSR): return True return False
def __init__(self): self.my_uid = os.getuid() self.my_groups = os.getgroups()
