how to run part of my python code as root

T

Tomas Pelka

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey,

is there possibility how to run part of my code (function for example)
as superuser.

Or only way how to do this is create a wrapper and run is with Popen
through sudo (but I have to configure sudo to run "whole" python as root).

Thanks for advice.

- --
Tom

Key fingerprint = 06C0 23C6 9EB7 0761 9807 65F4 7F6F 7EAB 496B 28AA
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAktrGoYACgkQf29+q0lrKKqaNACdEvfg+g0n3DzFr/7R33y2Nesy
hK8An3ZlpUEEibf0Q1wVET/KpXnsv/PO
=JKro
-----END PGP SIGNATURE-----
 
S

sjdevnull

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey,

is there possibility how to run part of my code (function for example)
as superuser.

Or only way how to do this is create a wrapper and run is with Popen
through sudo (but I have to configure sudo to run "whole" python as root)..

In decreasing order of desirability:
1. Find a way to not need root access (e.g. grant another user or
group access to whatever resource you're trying to access).
2. Isolate the stuff that needs root access into a small helper
program that does strict validation of all input (including arguments,
environment, etc); when needed, run that process under sudo or
similar.
2a. Have some sort of well-verified helper daemon that has access to
the resource you need and mediates use of that resource.
3. Run the process as root, using seteuid() to switch between user and
root privs. The entire program must be heavily verified and do strict
validation of all inputs. Any attacker who gets control over the
process can easily switch to root privs and do damage. This is
generally a bad idea.
 
T

Tomas Pelka

thank you for excellent explanation.
In decreasing order of desirability:
1. Find a way to not need root access (e.g. grant another user or
group access to whatever resource you're trying to access).
2. Isolate the stuff that needs root access into a small helper
program that does strict validation of all input (including arguments,
environment, etc); when needed, run that process under sudo or
similar.

I thing this approach is the best for me. But how to connect two
separated processes, one running with root privileges and second without
superuser privileges? Is was thinking about Queues from multiprocessing,
didn't you know if it is a good choice?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top