36

I have a CGI script that is getting an "IOError: [Errno 13] Permission denied" error in the stack trace in the web server's error log.

As part of debugging this problem, I'd like to add a little bit of code to the script to print the user and (especially) group that the script is running as, into the error log (presumably STDERR).

I know I can just print the values to sys.stderr, but how do I figure out what user and group the script is running as?

(I'm particularly interested in the group, so the $USER environment variable won't help; the CGI script has the setgid bit set so it should be running as group "list" instead of the web server's "www-data" - but I need code to see if that's actually happening.)

Augustin
Chirael

3 Answers

60
import os
import getpass
print(getpass.getuser())

Consider the following script.

---- foo.py ----     
import os
import getpass
print("Env thinks the user is [%s]" % (os.getlogin()))
print("Effective user is [%s]" % (getpass.getuser()))

Consider running the script.

$ python ./foo.py

results in

Env thinks the user is [jds]
Effective user is [jds]

now run

$ sudo -u apache python ./foo.py

results in

Env thinks the user is [jds]
Effective user is [apache]

As you can see, these two calls, os.getlogin() and getpass.getuser(), are not the same thing. The underlying principle is how Linux and other Unixes manage the running user.

Consider

$ id -u

1000

vs the effective id of the running process.

$ sudo -u apache id -u

33

Note: this is exactly what web servers are doing when they start up. They are creating a sandbox (by forking/divorcing the pseudo terminal, etc.), and running as another user. For an in-depth account of what is going on here, see the chapter on 'daemon processes' in the Advanced Programming in the UNIX Environment book.

Another good thread on the subject.

Sebastian Wozny
Jeff Sheffield
25

You can use the following piece of code:

import os
print(os.getegid())
Augustin
Peter Lyons
  • 1
    This returns the *group* but not the *user* right? From the docs: `[This returns] the effective group id of the current process. This corresponds to the “set id” bit on the file being executed in the current process.`. – alex Oct 17 '17 at 17:25
  • Yes, it's the id of the group not the user. – Peter Lyons Oct 17 '17 at 18:12
  • 3
    `os.geteuid()` returns the effective *user* id – Benjamin Aug 04 '20 at 14:25
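
As an added example (not code from any of the answers), the script below writes the real and effective user and group plus the supplementary groups to stderr, then reports which permission bits of a given file the effective ids receive, which is what decides an "[Errno 13] Permission denied". The function names and the path argument are illustrative; root's override and ACLs are not modelled.

```python
import grp
import os
import pwd
import sys


def name(lookup, num):
    """Resolve an id with pwd.getpwuid / grp.getgrgid; keep the number if unknown."""
    try:
        return lookup(num)[0]  # field 0 is pw_name / gr_name
    except KeyError:
        return str(num)


def process_identity():
    """Real and effective ids plus supplementary groups of this process."""
    return {"ruid": os.getuid(), "euid": os.geteuid(), "rgid": os.getgid(),
            "egid": os.getegid(), "groups": sorted(os.getgroups())}


def granted_bits(st_mode, st_uid, st_gid, ident):
    """Which of 'rwx' the mode bits grant to the *effective* ids: owner class if
    euid owns the file, else group class if a group matches, else other."""
    in_group = st_gid == ident["egid"] or st_gid in ident["groups"]
    shift = 6 if ident["euid"] == st_uid else 3 if in_group else 0
    bits = (st_mode >> shift) & 0o7
    return "".join(c for c, m in zip("rwx", (4, 2, 1)) if bits & m)


def report(path, out=sys.stderr):
    """Write the process identity and the file's ownership to the error log."""
    i = process_identity()
    for kind, u, g in (("real", i["ruid"], i["rgid"]),
                       ("effective", i["euid"], i["egid"])):
        out.write("%-9s uid=%s gid=%s\n"
                  % (kind, name(pwd.getpwuid, u), name(grp.getgrgid, g)))
    out.write("groups    %s\n" % ",".join(name(grp.getgrgid, g) for g in i["groups"]))
    try:
        st = os.stat(path)
    except OSError as e:  # e.g. a parent directory is not searchable
        out.write("stat(%s) failed: %s\n" % (path, e))
        return
    out.write("%s owner=%s group=%s mode=%o grants=%r\n" % (
        path, name(pwd.getpwuid, st.st_uid), name(grp.getgrgid, st.st_gid),
        st.st_mode & 0o7777, granted_bits(st.st_mode, st.st_uid, st.st_gid, i)))


if __name__ == "__main__":
    report(sys.argv[1] if len(sys.argv) > 1 else __file__)
```

On Linux the kernel ignores the setuid/setgid bits on `#!` scripts, so a setgid CGI script written in Python will usually still report the web server's group as its effective gid unless a compiled wrapper or the server itself switches the group.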
1

os.getgid() and os.getuid() can be useful. For other environment variables, look into os.getenv. For example, os.getenv('USER') on my Mac OS X returns the username. os.getenv('USERNAME') would return the username on Windows machines.

Augustin
vpit3833