Python prog needs root -how to do this securely

[John D.]

I have a Python program which runs as user 'www' (it's a CGI).
It needs root privilege to write a particular file.
What's the best way of doing this while remaining secure?

Right now I do os.system("sudo myutil parms") and pass the parms to it.
I remove : < > & | from the parm string before passing it.
Is there a way to do this without making a system call?
i.e.
gimme_root()
my code...
drop_root()

 

[Suchandra Thapa]

I have a Python program which runs as user 'www' (it's a CGI).
It needs root privilege to write a particular file.
What's the best way of doing this while remaining secure?

Right now I do os.system("sudo myutil parms") and pass the parms to it.
I remove : < > & | from the parm string before passing it.
Is there a way to do this without making a system call?

With your approach you have to be aware that users on the system will probably
be able to view the parameters your are passing to myutil. Whether this is a
problem depends on your particular setup.

One alternative would be to make nobody, apache, etc. (which ever your apache
server runs under) the group owners of the file and give the apache group
write permissions to the file. This may not be feasible for your setup.