I have the following bash script:
echo "$(id -u)"
mkdir test
My own user id is 1000. Now, when I run python3.5 without root rights and invoke the script via subprocess.check_output, the script works as expected and creates a folder which is owned by me.
However, when I start python with sudo but then use os.setegid(1000); os.setuid(1000), the script outputs 0 and the folder "test" is owned by root. While I get that echo "$(id -u)" may be desired behavior, I do not get why this folder is owned by root. Shouldn't the os.seteuid() function prevent that?
My exact call is:
>>> os.setegid(1000)
>>> os.seteuid(1000)
>>> subprocess.check_output(["/.script.sh"])
Which results in the folder "test" being owned by root. Is this desired behavior and if so, is there any way I can start the script as a normal user while still being able to go back to root rights in the python script (i.e., not setting the "real" uid)?
setegid only sets the effective group id of the current process. Same with seteuid. check_output spawns a new process, which is apparently still run as root.
You might have more luck if you attempt to create your folder using python instead of shelling out to do it, but I imagine this is a simplified example so that may not be appropriate. Is it possible to run the python script as the expected user? If not you might need to do something like this:
subprocess.check_output(["sudo", "-uexpected_user", "./script.sh"])
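An added example, not part of the question or the answer above: one way to run the script as the unprivileged user while the Python parent stays root is to change the real, effective and saved ids in the forked child only, via preexec_fn. The names drop_to, run_as and child_ids are made up for this example, and it assumes Linux (os.setresuid) and a parent started with sudo.

```python
import os
import subprocess


def drop_to(uid, gid):
    """Build a preexec_fn that makes the child fully uid/gid before exec."""
    def preexec():
        # Runs in the forked child only; the parent's ids are untouched.
        if 0 in os.getresuid() and uid != 0:
            # After seteuid() in the parent, real/saved uid are still 0.
            # Regain root briefly so supplementary groups can be replaced.
            os.seteuid(0)
            os.setgroups([gid])
        # Group ids first: once the uid is dropped they can't be changed.
        os.setresgid(gid, gid, gid)
        # Real, effective and saved uid together. Setting only the
        # effective uid leaves real uid 0, and bash started without -p
        # resets its effective uid to the real one.
        os.setresuid(uid, uid, uid)
    return preexec


def run_as(cmd, uid, gid):
    """Run cmd as uid/gid and return its output; the caller keeps its ids."""
    return subprocess.check_output(cmd, preexec_fn=drop_to(uid, gid))


def child_ids(uid, gid):
    """Return (real, effective) uid as reported by a shell run via run_as()."""
    out = run_as(["sh", "-c", "id -ru; id -u"], uid, gid)
    real, effective = out.decode().split()
    return int(real), int(effective)


if __name__ == "__main__":
    # Assumed invocation: sudo python3 this_file.py
    # sudo exports the invoking user's ids as SUDO_UID and SUDO_GID.
    uid = int(os.environ.get("SUDO_UID", os.getuid()))
    gid = int(os.environ.get("SUDO_GID", os.getgid()))
    print("child real/effective uid:", child_ids(uid, gid))
    print("parent uids afterwards:", os.getresuid())
```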