Drop privileges

Use this Engine Plugin to start your CherryPy site as root (for example, to listen on a privileged port like 80) and then reduce privileges to something more restricted.

This priority of this plugin’s “start” listener is slightly higher than the priority for server.start in order to facilitate the most common use: starting on a low port (which requires root) and then dropping to another user.


DropPrivileges(cherrypy.engine, uid=1000, gid=1000).subscribe()


class cherrypy.process.plugins.DropPrivileges(bus, umask=None, uid=None, gid=None)

Bases: cherrypy.process.plugins.SimplePlugin

Drop privileges. uid/gid arguments not available on Windows.

Special thanks to Gavin Baker


The gid under which to run. Availability: Unix.


The uid under which to run. Availability: Unix.


The default permission mode for newly created files and directories.

Usually expressed in octal format, for example, 0644. Availability: Unix, Windows.