[FIX] picking of username for session data directory in case of setuid

Try using geteuid() before getpass.getuser() so a system where environment user and effective user (e.g. sudo, start-stop-daemon) creates session-storage directory with a username matching the access rights. lp bug: https://launchpad.net/bugs/1172306 fixed bzr revid: xmo@openerp.com-20130610092107-o4ym83e4ycz450un
2013-06-10 11:21:07 +02:00 · 2013-06-10 11:21:07 +02:00 · 1ef68b2806
parent e403f2cbde 22ba680c7e
commit 1ef68b2806
1 changed files with 7 additions and 3 deletions
--- a/addons/web/http.py
+++ b/addons/web/http.py
@ -488,9 +488,13 @@ class DisableCacheMiddleware(object):

 def session_path():
    try:
-        username = getpass.getuser()
-    except Exception:
-        username = "unknown"
+        import pwd
+        username = pwd.getpwuid(os.geteuid()).pw_name
+    except ImportError:
+        try:
+            username = getpass.getuser()
+        except Exception:
+            username = "unknown"
    path = os.path.join(tempfile.gettempdir(), "oe-sessions-" + username)
    try:
        os.mkdir(path, 0700)