From d411903f6a6dbaf1d6039aaaf24fdfb9e1f186cf Mon Sep 17 00:00:00 2001
From: Zac Medico
Date: Mon, 13 Mar 2006 19:59:23 +0000
Subject: [PATCH] Document portage_data.secpass and give secpass=0 to users that are not in the "portage" group.
svn path=/main/trunk/; revision=2866
---
 pym/portage_data.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/pym/portage_data.py b/pym/portage_data.py
index 00148f907..3739e6c59 100644
--- a/pym/portage_data.py
+++ b/pym/portage_data.py
@@ -38,7 +38,17 @@ if not lchown:
 os.environ["USERLAND"]=userland
-#Secpass will be set to 1 if the user is root or in the portage group.
+# Portage has 3 security levels that depend on the uid and gid of the main
+# process and are assigned according to the following table:
+#
+# Privileges secpass uid gid
+# normal 0 any any
+# group 1 any portage_gid
+# super 2 0 any
+#
+# If the "wheel" group does not exist then wheelgid falls back to 0.
+# If the "portage" group does not exist then portage_uid falls back to wheelgid.
+
 secpass=0
 uid=os.getuid()
@@ -60,7 +70,7 @@ except KeyError:
 try:
 portage_uid=pwd.getpwnam("portage")[2]
 portage_gid=grp.getgrnam("portage")[2]
- if (secpass==0):
+ if secpass < 1 and portage_gid in os.getgroups():
 secpass=1
 except KeyError:
 portage_uid=0
-- 
2.26.2
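Review bot: The last added comment line says `portage_uid` falls back to wheelgid, but the `except KeyError:` branch visible in the second hunk assigns `portage_uid=0`; the sentence presumably describes `portage_gid`, whose fallback assignment is outside the visible lines. This table is the only statement of who gets which privilege level, so a wrong name here can mislead anyone auditing the fallback path. I would reword the line to `# If the "portage" user or group does not exist then portage_uid falls back to 0` and add the `portage_gid` sentence once its assignment is confirmed. The table's `gid` column could also state that membership is tested against `os.getgroups()`, since that is what the code in the second hunk checks.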
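Review bot: The new test `portage_gid in os.getgroups()` looks only at the supplementary group list, and POSIX leaves it implementation-defined whether that list contains the effective gid. A process whose primary group is portage can therefore still end up with secpass=0, although the table added in the first hunk promises level 1 for gid == portage_gid. Checking both closes the gap: `if secpass < 1 and (os.getegid() == portage_gid or portage_gid in os.getgroups()):`. Separately, `pwd.getpwnam("portage")` sits in the same `try`, so a host with the group but no portage user raises KeyError before the membership test runs. The `try` block opens inside the hunk, but its `except` branch continues past the last visible line.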