Don't do it as root

main
Florent Daigniere 2 years ago
parent 2104c04e3b
commit 9566c297d9

@ -2,6 +2,7 @@
import os import os
import logging import logging
from pwd import getpwnam
import sys import sys
import subprocess import subprocess
import shutil import shutil
@ -77,10 +78,17 @@ conf.jinja("/conf/config.inc.php", context, "/var/www/roundcube/config/config.in
# create dirs # create dirs
os.system("mkdir -p /data/gpg") os.system("mkdir -p /data/gpg")
def demote(user_uid, user_gid):
def result():
os.setgid(user_gid)
os.setuid(user_uid)
return result
id_mailu = getpwnam('mailu')
print("Initializing database") print("Initializing database")
try: try:
result = subprocess.check_output(["/var/www/roundcube/bin/initdb.sh", "--dir", "/var/www/roundcube/SQL"], result = subprocess.check_output(["/var/www/roundcube/bin/initdb.sh", "--dir", "/var/www/roundcube/SQL"],
stderr=subprocess.STDOUT) stderr=subprocess.STDOUT, preexec_fn=demote(id_mailu.pw_uid,id_mailu.pw_gid))
print(result.decode()) print(result.decode())
except subprocess.CalledProcessError as exc: except subprocess.CalledProcessError as exc:
err = exc.stdout.decode() err = exc.stdout.decode()
@ -92,13 +100,13 @@ except subprocess.CalledProcessError as exc:
print("Upgrading database") print("Upgrading database")
try: try:
subprocess.check_call(["/var/www/roundcube/bin/update.sh", "--version=?", "-y"], stderr=subprocess.STDOUT) subprocess.check_call(["/var/www/roundcube/bin/update.sh", "--version=?", "-y"], stderr=subprocess.STDOUT, preexec_fn=demote(id_mailu.pw_uid,id_mailu.pw_gid))
except subprocess.CalledProcessError as exc: except subprocess.CalledProcessError as exc:
exit(4) exit(4)
else: else:
print("Cleaning database") print("Cleaning database")
try: try:
subprocess.check_call(["/var/www/roundcube/bin/cleandb.sh"], stderr=subprocess.STDOUT) subprocess.check_call(["/var/www/roundcube/bin/cleandb.sh"], stderr=subprocess.STDOUT, preexec_fn=demote(id_mailu.pw_uid,id_mailu.pw_gid))
except subprocess.CalledProcessError as exc: except subprocess.CalledProcessError as exc:
exit(5) exit(5)

Loading…
Cancel
Save