Set gid and initgroups

butterfly.service

@@ -3,7 +3,7 @@ Description=Butterfly Terminal Server
 After=network.target
 
 [Service]
-ExecStart=/usr/bin/butterfly.server.py 
+ExecStart=/usr/bin/butterfly.server.py
 Restart=on-abort
 
 [Install]

butterfly/__init__.py

@@ -14,7 +14,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-__version__ = '1.4.0'
+__version__ = '1.4.1'
 
 
 import os

butterfly/routes.py

@@ -99,10 +99,6 @@ class TermWebSocket(Route, tornado.websocket.WebSocketHandler):
     def pty(self):
         self.pid, self.fd = pty.fork()
         if self.pid == 0:
-            try:
-                os.closerange(3, 256)
-            except:
-                pass
             self.shell()
         else:
             self.communicate()
@@ -143,6 +139,8 @@ class TermWebSocket(Route, tornado.websocket.WebSocketHandler):
                 server == self.callee):
             # User has been auth with ssl or is the same user as server
             try:
+                os.initgroups(self.callee.name, self.callee.gid)
+                os.setgid(self.callee.gid)
                 os.setuid(self.callee.uid)
             except PermissionError:
                 print('The server must be run as root '
@@ -181,7 +179,8 @@ class TermWebSocket(Route, tornado.websocket.WebSocketHandler):
         os.execvpe(args[0], args, env)
 
     def communicate(self):
-        self.log.info('Adding handler')
+        self.log.info('PTY forked : %s (%s)' % (
+            os.ttyname(self.fd), os.ctermid()))
         fcntl.fcntl(self.fd, fcntl.F_SETFL, os.O_NONBLOCK)
 
         def utf8_error(e):

butterfly/utils.py

@@ -51,6 +51,10 @@ class User(object):
     def uid(self):
         return self.pw.pw_uid
 
+    @property
+    def gid(self):
+        return self.pw.pw_gid
+
     @property
     def name(self):
         return self.pw.pw_name