
Background:

I am trying to run a subprocess with Process, and use os.setuid to limit the child process's authority.

What I want to limit is:

  • do not read files on disk, by Linux user authority control;

  • through 1, limit the child process from loading customized parts, such as config.py or others.

Overall, I try to use source to load a part that is not local, such as from MinIO storage.

I try using a child process to run the source part, and use Linux user control to make the child process safer (kept under control).

Questions

I develop the program on Windows. The logic: the parent process will load a local part, such as config.py (the parent process can be the root user). It shows:

Through print(sys.modules), the child process does not use the module that the parent process had loaded (there is no key named config with a value pointing to config.py).

To run on Linux, I do chmod 0700 to change authority.

Through print(sys.modules), it shows the child process has already loaded config (there is a key named config, with a value pointing to config.py).

Why does this difference occur? I have never found anything about it in my searches.

Also, could anyone tell me how to reach the goal (run a non-local source part more safely) in other ways?

Thanks very much.

Comparison record

  1. if the process has not loaded config.py before

I run a Python shell as root and use os.setuid to change to another user; import config then gets the Permission denied error.

  2. config.py loaded before

The same as above, but first load config, then use os.setuid to change user, and finally do import config; it runs OK.

Is this because the Python process looks for a module first in sys.modules, which is a module cache?

  3. pop the key from sys.modules in the child process

Seems OK when I do sys.modules.pop("config") (meaning import config fails with Permission denied).

Is there a better or more Pythonic way?

lanhao945
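
Added example, not part of the original question: it reproduces the observed difference on Linux with a constructed module named demo_config standing in for config.py. os.fork() is what multiprocessing's fork start method (traditionally the Linux default) does, so the child keeps the parent's sys.modules even after dropping to an assumed uid/gid of 65534; a fresh interpreter, which is what the spawn method used on Windows starts, has an empty cache.

```python
import importlib, json, os, subprocess, sys, tempfile

MODULE = "demo_config"   # constructed stand-in for the question's config.py
DROP_ID = 65534          # assumed unprivileged uid/gid ("nobody" on many systems)

def forked_child():
    """Fork, drop privileges if root, report what the child still holds."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:
        try:
            if os.geteuid() == 0:
                try:
                    os.setgroups([]); os.setgid(DROP_ID); os.setuid(DROP_ID)
                except OSError:
                    pass  # e.g. restricted container; the report is still valid
            mod = sys.modules.get(MODULE)
            report = {"cached": mod is not None,
                      "value": getattr(mod, "SECRET", None),
                      "file_readable": bool(mod) and os.access(mod.__file__, os.R_OK)}
            os.write(w, json.dumps(report).encode())
        finally:
            os._exit(0)   # never fall through into the parent's code path
    os.close(w)
    with os.fdopen(r) as fh:
        report = json.load(fh)
    os.waitpid(pid, 0)
    return report

def fresh_child():
    """New interpreter (what spawn does): is the module in its cache?"""
    probe = f"import sys; print({MODULE!r} in sys.modules)"
    out = subprocess.run([sys.executable, "-c", probe],
                         capture_output=True, text=True, check=True)
    return out.stdout.strip() == "True"

def run_demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, MODULE + ".py")
        with open(path, "w") as fh:
            fh.write("SECRET = 'constructed-value'\n")
        os.chmod(path, 0o600)                 # owner-only access
        sys.path.insert(0, d)
        try:
            importlib.import_module(MODULE)   # parent loads it before forking
            return forked_child(), fresh_child()
        finally:
            sys.path.remove(d)
            sys.modules.pop(MODULE, None)

if __name__ == "__main__":
    print(run_demo())
```

When run as root, file_readable is False in the forked child while value is still present: file permissions only guard the next read from disk, not objects already in memory. Starting the untrusted code in a fresh interpreter (multiprocessing's spawn start method, or subprocess with its user= argument on Python 3.9+) avoids inheriting the parent's imports.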

0 Answers