how to run part of my python code as root

Tomas Pelka

Hey,

Is there a possibility to run part of my code (a function, for example)
as superuser?

Or is the only way to do this to create a wrapper and run it with Popen
through sudo (but I have to configure sudo to run "whole" python as root)?

Thanks for advice.

--
Tom

 
sjdevnull

> Hey,
>
> Is there a possibility to run part of my code (a function, for example)
> as superuser?
>
> Or is the only way to do this to create a wrapper and run it with Popen
> through sudo (but I have to configure sudo to run "whole" python as root)?

In decreasing order of desirability:
1. Find a way to not need root access (e.g. grant another user or
group access to whatever resource you're trying to access).
2. Isolate the stuff that needs root access into a small helper
program that does strict validation of all input (including arguments,
environment, etc); when needed, run that process under sudo or
similar.
2a. Have some sort of well-verified helper daemon that has access to
the resource you need and mediates use of that resource.
3. Run the process as root, using seteuid() to switch between user and
root privs. The entire program must be heavily verified and do strict
validation of all inputs. Any attacker who gets control over the
process can easily switch to root privs and do damage. This is
generally a bad idea.
 
Tomas Pelka

Thank you for the excellent explanation.

> In decreasing order of desirability:
> 1. Find a way to not need root access (e.g. grant another user or
> group access to whatever resource you're trying to access).
> 2. Isolate the stuff that needs root access into a small helper
> program that does strict validation of all input (including arguments,
> environment, etc); when needed, run that process under sudo or
> similar.

I think this approach is the best for me. But how do I connect two
separate processes, one running with root privileges and the second without
superuser privileges? I was thinking about Queues from multiprocessing;
do you know if it is a good choice?
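
An added example (not code from either poster) of the small helper described in option 2, which also shows one way to connect the two processes: the unprivileged program passes its request as command-line arguments to a helper started under sudo. The helper's purpose, the service names and the systemctl path are assumptions made for illustration.

```python
#!/usr/bin/python3 -I
# -I (isolated mode) makes the interpreter ignore PYTHON* variables and the
# user site directory, so the caller cannot inject modules into the helper.
"""Privileged helper (hypothetical): one allow-listed action on one allow-listed service."""
import os
import subprocess
import sys

# Assumptions for this example: service names and the systemctl location.
ALLOWED_ACTIONS = {"restart", "status"}
ALLOWED_SERVICES = {"myapp-worker", "myapp-web"}
SYSTEMCTL = "/usr/bin/systemctl"


def validate(argv):
    """Return (action, service) or raise ValueError; nothing is passed through unchecked."""
    if len(argv) != 2:
        raise ValueError("expected exactly: <action> <service>")
    action, service = argv
    if action not in ALLOWED_ACTIONS:
        raise ValueError("action not allowed")
    if service not in ALLOWED_SERVICES:
        raise ValueError("service not allowed")
    return action, service


def clean_env():
    """Build the child's environment from scratch instead of filtering the caller's."""
    return {"PATH": "/usr/sbin:/usr/bin:/sbin:/bin", "LANG": "C"}


def build_command(action, service):
    # Absolute path, argument list, no shell: validated values stay single arguments.
    return [SYSTEMCTL, action, service + ".service"]


def main(argv):
    try:
        action, service = validate(argv)
    except ValueError as exc:
        print(f"refused: {exc}", file=sys.stderr)
        return 2
    if os.geteuid() != 0:
        print("refused: must be run as root (via sudo)", file=sys.stderr)
        return 3
    return subprocess.run(build_command(action, service), env=clean_env()).returncode


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

The unprivileged program would start it with something like `subprocess.run(["sudo", "-n", "/usr/local/sbin/svc-helper", "restart", "myapp-worker"])`, where the install path is an assumption, and the sudoers rule would permit only that one helper path rather than the Python interpreter.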