From 1e7910cc0886c7d992db75729d0735fe791cb34d Mon Sep 17 00:00:00 2001 From: pallavi Date: Sat, 17 Sep 2016 16:42:01 +0530 Subject: [PATCH] Don't attempt to escalate gce-api-manage privileges Remove code which allowed gce-api-manage to attempt to escalate privileges so that configuration files can be read by users who normally wouldn't have access, but do have sudo access. Change-Id: I0a684f0239bef1669c15b6c54a658c6e6f2f430c Closes-Bug: 1611171 --- gceapi/cmd/manage.py | 20 +++----------------- 1 file changed, 3 insertions(+), 17 deletions(-) diff --git a/gceapi/cmd/manage.py b/gceapi/cmd/manage.py index a7d2d58..6c69f02 100644 --- a/gceapi/cmd/manage.py +++ b/gceapi/cmd/manage.py @@ -17,7 +17,6 @@ CLI interface for GCE API management. """ -import os import sys from oslo_config import cfg @@ -25,7 +24,6 @@ from oslo_log import log from gceapi import config from gceapi.db import migration -from gceapi.i18n import _ CONF = cfg.CONF @@ -61,22 +59,10 @@ command_opt = cfg.SubCommandOpt('command', def main(): + """Parse options and call the appropriate class/method.""" CONF.register_cli_opt(command_opt) - try: - config.parse_args(sys.argv) - log.setup(CONF, "gceapi") - except cfg.ConfigFilesNotFoundError: - cfgfile = CONF.config_file[-1] if CONF.config_file else None - if cfgfile and not os.access(cfgfile, os.R_OK): - st = os.stat(cfgfile) - print(_("Could not read %s. Re-running with sudo") % cfgfile) - try: - os.execvp('sudo', ['sudo', '-u', '#%s' % st.st_uid] + sys.argv) - except Exception: - print(_('sudo failed, continuing as if nothing happened')) - - print(_('Please re-run gce-api-manage as root.')) - return(2) + config.parse_args(sys.argv) + log.setup(CONF, "gceapi") try: CONF.command.func()