Drop privileges

Use this Engine Plugin to start your CherryPy site as root (for example, to listen on a privileged port like 80) and then reduce privileges to something more restricted.

This priority of this plugin’s “start” listener is slightly higher than the priority for server.start in order to facilitate the most common use: starting on a low port (which requires root) and then dropping to another user.

Example:

DropPrivileges(cherrypy.engine, uid=1000, gid=1000).subscribe()

Classes

class cherrypy.process.plugins.DropPrivileges(bus, umask=None, uid=None, gid=None)

Bases: cherrypy.process.plugins.SimplePlugin

Drop privileges. uid/gid arguments not available on Windows.

Special thanks to Gavin Baker

gid

The gid under which to run. Availability: Unix.

uid

The uid under which to run. Availability: Unix.

umask

The default permission mode for newly created files and directories.

Usually expressed in octal format, for example, 0644. Availability: Unix, Windows.