问题
I have developed a multi-platform desktop application in python and PyQt and in it i want to implement the concept of impersonation. I have a requirement where user selects a file and the the application will check for naming conventions and other things. If everythin is fine then it copies the file in a server where only impersonate user lets say (user123) has full permissions other has only read permissions.
I could able to achieve this in windows by using win32security and win32con
TO IMPERSONATE LOGIN
Self.handel=win32security.LogonUser(self.loginID,self.domain,self.password,win32con.LOGON32_LOGON_INTERACTIVE,win32con.LOGON32_PROVIDER_DEFAULT)
win32security.ImpersonateLoggedOnUser(self.handel)
AND TO REVERT BACK TO USER
win32security.RevertToSelf()
Can anyone suggest an approach to this under Linux (RHEL 6).
回答1:
First, think whether your task actually needs OS-level impersonation.
If you use e.g. PySmbClient to access a Windows file share, then you manage all connections yourself and you can just give different credentials to smbclient.
If you use PyKDE4.kio, as far as I know the same applies (KIO uses smbclient).
If you access the file server over an existing system-level mount, there is no actual "impersonation" as in Windows; it is done by simply changing the process' "effective UID" and generally can be done only if the program has root privileges (or the root-equivalent CAP_SETUID privilege on Linux).
uid = pw.getpwnam(username).pw_uid os.seteuid(uid) ... os.seteuid(0)(This is not guaranteed to work with network filesystems that store credentials in kernel keyrings... I don't yet have an answer for that.)
However, most desktop programs do not have root privileges (and should not have them). In that case, seteuid() is unavailable, and privileged actions are normally done by a privileged daemon that the desktop app contacts using some form of IPC (usually D-Bus).
来源:https://stackoverflow.com/questions/23079096/how-to-impersonate-in-linux