1 # data.py -- Calculated/Discovered Data Values
2 # Copyright 1998-2004 Gentoo Foundation
3 # Distributed under the terms of the GNU General Public License v2
6 import os, sys, pwd, grp
7 from portage.util import writemsg
8 from portage.output import green,red
9 from portage.output import create_color_func
# Colouring helper for the "BAD" colour class, built by create_color_func;
# portage_group_warning() uses it for its warning prefix.
10 bad = create_color_func("BAD")
# Use os.lchown when this Python build provides it, otherwise None.
15 lchown = getattr(os, "lchown", None)
# Set a default XARGS only if the environment does not already define one;
# a value supplied by the caller's environment is kept as-is.
16 os.environ.setdefault("XARGS", "xargs")
# Classify the platform from `ostype`.
# NOTE(review): `ostype` is assigned on a line this listing omits, and the
# branch bodies (listing lines 20, 22, 24) are not shown either.
17 if ostype == "Linux" or \
18 ostype.lower().startswith("gnu") or \
19 ostype.lower().endswith("gnu"):
21 elif ostype == "Darwin":
23 elif ostype.endswith("BSD") or ostype =="DragonFly":
# Replacement lchown taken from `missingos`.
# NOTE(review): the guard and import around this assignment (listing lines
# 25-28, 30) are not visible; presumably it runs only when os.lchown was
# absent -- confirm against the full file.
29 lchown = missingos.lchown
# Last-resort stub: accepts any arguments and, in the lines shown, only prints
# an error asking for Python to be rebuilt; it changes no ownership.
# NOTE(review): listing lines 34-35 are omitted -- confirm the module does not
# carry on with this stub silently standing in for a real lchown.
31 def lchown(*pos_args, **key_args):
32 writemsg(red("!!!") + " It seems that os.lchown does not" + \
33 " exist. Please rebuild python.\n", noiselevel=-1)
# Print the security warning about membership of the portage group.
# Every write goes through writemsg with noiselevel=-1; each message line is
# preceded by the coloured "*** WARNING *** " prefix and followed by a newline.
# NOTE(review): listing lines 38, 43 and 44 are omitted; presumably they open
# and close the list holding the four strings and start the loop that binds
# `x` -- confirm against the full file.
36 def portage_group_warning():
37 warn_prefix = bad("*** WARNING *** ")
39 "For security reasons, only system administrators should be",
40 "allowed in the portage group. Untrusted users or processes",
41 "can potentially exploit the portage group for attacks such as",
42 "local privilege escalation."
45 writemsg(warn_prefix, noiselevel=-1)
46 writemsg(x, noiselevel=-1)
47 writemsg("\n", noiselevel=-1)
# Blank separator line after the warning text.
48 writemsg("\n", noiselevel=-1)
50 # Portage has 3 security levels that depend on the uid and gid of the main
51 # process and are assigned according to the following table:
53 # Privileges secpass uid gid
55 # group 1 any portage_gid
58 # If the "wheel" group does not exist then wheelgid falls back to 0.
59 # If the "portage" group does not exist then portage_uid falls back to wheelgid.
# Numeric gid of the "wheel" group (index 2 of the group entry is gr_gid).
# grp.getgrnam raises KeyError when the group does not exist.
# NOTE(review): the handler is on lines this listing omits (70-72); the header
# comment says wheelgid falls back to 0 in that case.
69 wheelgid=grp.getgrnam("wheel")[2]
73 #Discover the uid and gid of the portage user/group
# Index 2 is pw_uid for the passwd entry and gr_gid for the group entry. Both
# lookups raise KeyError when the name is missing, so the privilege level
# derived below depends on what the passwd/group databases return for
# "portage".
75 portage_uid=pwd.getpwnam("portage")[2]
76 portage_gid=grp.getgrnam("portage")[2]
# True when the process has no elevated level yet and its group list contains
# the portage gid.
# NOTE(review): `secpass` is assigned and the branch body sits on omitted lines
# (78-82); per the table above this presumably sets secpass to 1 -- confirm.
77 if secpass < 1 and portage_gid in os.getgroups():
# Guidance printed when the 'portage' user or group is missing.
# NOTE(review): the guard for these calls is not shown; presumably a KeyError
# handler for the lookups above -- confirm. Unlike the other writemsg calls in
# this file, these pass no noiselevel.
83 writemsg( red("portage: 'portage' user or group missing. Please update baselayout\n"))
84 writemsg( red(" and merge portage user(250) and group(250) into your passwd\n"))
85 writemsg( red(" and group files. Non-root compilation is disabled until then.\n"))
86 writemsg( " Also note that non-root/wheel users will need to be added to\n")
87 writemsg( " the portage group to do portage commands.\n")
89 writemsg( " For the defaults, line 1 goes into passwd, and 2 into group.\n")
90 writemsg(green(" portage:x:250:250:portage:/var/tmp/portage:/bin/false\n"))
91 writemsg(green(" portage::250:portage\n"))
# Remind the administrator that portage group membership is security-sensitive.
93 portage_group_warning()
# Start the userpriv group list with the portage gid; the code that follows
# extends it with the portage user's other groups.
95 userpriv_groups = [portage_gid]
97 # Get a list of group IDs for the portage user. Do not use grp.getgrall()
98 # since it is known to trigger spurious SIGPIPE problems with nss_ldap.
# `commands` exists only in Python 2 (Python 3 offers
# subprocess.getstatusoutput). getstatusoutput runs the string through a shell.
# The command here is a constant, so no caller-supplied text is interpolated,
# but `id` is located through the PATH of the current environment.
# NOTE(review): if this module can be imported by a privileged process with an
# inherited PATH, consider an absolute path or an argv-list call without a
# shell.
99 from commands import getstatusoutput
100 mystatus, myoutput = getstatusoutput("id -G portage")
# Only parse the output when `id` exited successfully.
101 if mystatus == os.EX_OK:
102 for x in myoutput.split():
# int() raises ValueError on a non-numeric token.
# NOTE(review): listing lines 103 and 105-107 are omitted; presumably they wrap
# this in try/except -- confirm against the full file.
104 userpriv_groups.append(int(x))
# Drop duplicate gids (portage_gid is normally reported by `id -G` as well);
# going through set() does not preserve order.
108 userpriv_groups = list(set(userpriv_groups))
# Remove the temporaries so they do not linger in the module namespace.
109 del getstatusoutput, mystatus, myoutput