Don't attempt to escalate gce-api-manage privileges

Remove code which allowed gce-api-manage to attempt to escalate
privileges so that configuration files can be read by users who
normally wouldn't have access, but do have sudo access.

Change-Id: I0a684f0239bef1669c15b6c54a658c6e6f2f430c
Closes-Bug: 1611171
This commit is contained in:
pallavi 2016-09-17 16:42:01 +05:30 committed by iswarya vakati
parent 967108eafe
commit 1e7910cc08
1 changed files with 3 additions and 17 deletions

View File

@ -17,7 +17,6 @@
CLI interface for GCE API management.
"""
import os
import sys
from oslo_config import cfg
@ -25,7 +24,6 @@ from oslo_log import log
from gceapi import config
from gceapi.db import migration
from gceapi.i18n import _
CONF = cfg.CONF
@ -61,22 +59,10 @@ command_opt = cfg.SubCommandOpt('command',
def main():
"""Parse options and call the appropriate class/method."""
CONF.register_cli_opt(command_opt)
try:
config.parse_args(sys.argv)
log.setup(CONF, "gceapi")
except cfg.ConfigFilesNotFoundError:
cfgfile = CONF.config_file[-1] if CONF.config_file else None
if cfgfile and not os.access(cfgfile, os.R_OK):
st = os.stat(cfgfile)
print(_("Could not read %s. Re-running with sudo") % cfgfile)
try:
os.execvp('sudo', ['sudo', '-u', '#%s' % st.st_uid] + sys.argv)
except Exception:
print(_('sudo failed, continuing as if nothing happened'))
print(_('Please re-run gce-api-manage as root.'))
return(2)
config.parse_args(sys.argv)
log.setup(CONF, "gceapi")
try:
CONF.command.func()