[OT] Problems with permissions etc

[Frank Millman]

Hi all

This is not strictly a Python question, but this newsgroup feels like a
family to me, so I hope that someone will be kind enough to respond to
this, or at least point me in the right direction.

While developing under linux, I use my own computer, as the only user,
so it has become my habit to login as root and do all my work as a
superuser. I know that this is not desirable, but it has become a
habit, which I am now trying to get out of.

Now that I am logging in as an ordinary user, I find that a number of
things that previously 'just worked' have now stopped working. I can
usually find the cause, and tweak whatever is needed to get it working
again, but I am wondering how most people work. Is it normal to
experience these kinds of problems, or am I missing a trick somewhere
and making my life more complicated than it need be?

I will give two examples. I would like advice on the best way to fix
them, but I would prefer a more general reply that explains how
experienced unix/linux users go about handling these kinds of issues.

1. The application I am developing will eventually be deployed as a
multi-user accounting/business system. I want to identify the physical
workstation that generates each transaction, so I am using the mac
address. My method for extracting this is as follows -
mac = os.popen("ifconfig|grep Ether|awk {print '$5'}").read()[:-1] #
I did not come up with this myself, I cribbed it from somewhere

As root, this works fine. As non-root, ifconfig is not found. The
reason is that it is in /sbin, and this is not included in the default
path for non-root users. I could either include /sbin in my path, or I
could change the above line to /sbin/ifconfig ... Alternatively, there
may be a better way of getting the mac address or identifying the
workstation.

2. I am using wxPython, which was compiled from source. It so happens
that I did this with a colleague who also has a user account on my
machine, so the compile and install of wxPython was done from his home
directory.

When I start my app as non-root, the import of wx fails, as it cannot
find certain files. They are in the other user's home directory, but as
the top-level directory has permissions of drwx------, my user cannot
read anything in that directory. I can change the directory
permissions, or I can move the files to another area which all users
can read. If the latter, is there a 'correct' place to put them?

I think that these problems are a result of my lack of experience as a
system administrator. On the other hand, the various books and articles
I have read to try and improve my knowledge have not covered these
kinds of issues. Is it just something that one learns the hard way?

Any advice, especially pointers to reading matter that covers this
topic, will be much appreciated.

Thanks

Frank Millman

 

[Paul Rubin]

1. The application I am developing will eventually be deployed as a
multi-user accounting/business system. I want to identify the physical
workstation that generates each transaction, so I am using the mac
address. My method for extracting this is as follows -

If you are trying to use the mac address as a hard-to-spoof security
token, forget it, it is ridiculous. You want a smart card with crypto
authentication. Some cheap and convenient dev kits are available from
www.basiccard.com. Shipping charges from Germany to the US (what you
get through the online order form) are ridiculous, but there's a
distributor now in Canada now and the shipping charges from there are
much more reasonable.

 

[Martin Franklin]

Hi Frank,

Hi all

This is not strictly a Python question, but this newsgroup feels like a
family to me, so I hope that someone will be kind enough to respond to
this, or at least point me in the right direction.

While developing under linux, I use my own computer, as the only user,
so it has become my habit to login as root and do all my work as a
superuser. I know that this is not desirable, but it has become a
habit, which I am now trying to get out of.

Good.

Most 'problems' I have running this kind of system at home can be fixed
by adding your user account to the /etc/sudoers file like so:-

martin ALL=(ALL) ALL


so every now and then when I need to do somthing as root I just sudo
(and enter *my* password)

Linux distros such as ubuntu use this scheme and I think MAC OS X does
too.

Now that I am logging in as an ordinary user, I find that a number of
things that previously 'just worked' have now stopped working. I can
usually find the cause, and tweak whatever is needed to get it working
again, but I am wondering how most people work. Is it normal to
experience these kinds of problems, or am I missing a trick somewhere
and making my life more complicated than it need be?

I will give two examples. I would like advice on the best way to fix
them, but I would prefer a more general reply that explains how
experienced unix/linux users go about handling these kinds of issues.

1. The application I am developing will eventually be deployed as a
multi-user accounting/business system. I want to identify the physical
workstation that generates each transaction, so I am using the mac
address. My method for extracting this is as follows -
mac = os.popen("ifconfig|grep Ether|awk {print '$5'}").read()[:-1] #
I did not come up with this myself, I cribbed it from somewhere
As root, this works fine. As non-root, ifconfig is not found. The
reason is that it is in /sbin, and this is not included in the default
path for non-root users. I could either include /sbin in my path, or I
could change the above line to /sbin/ifconfig ... Alternatively, there
may be a better way of getting the mac address or identifying the
workstation.

Since you are relying on ifconfig anyway I would just stick the fully
qualified pathname (/sbin/ifconfig) into the python code

2. I am using wxPython, which was compiled from source. It so happens
that I did this with a colleague who also has a user account on my
machine, so the compile and install of wxPython was done from his home
directory.

When I start my app as non-root, the import of wx fails, as it cannot
find certain files. They are in the other user's home directory, but as
the top-level directory has permissions of drwx------, my user cannot
read anything in that directory. I can change the directory
permissions, or I can move the files to another area which all users
can read. If the latter, is there a 'correct' place to put them?

Re-compile and or install wxPython as root, this will install it into a
default place (/usr/local or wherever) and you will not need to worry
about permissions.

I think that these problems are a result of my lack of experience as a
system administrator. On the other hand, the various books and articles
I have read to try and improve my knowledge have not covered these
kinds of issues. Is it just something that one learns the hard way?

Any advice, especially pointers to reading matter that covers this
topic, will be much appreciated.

Thanks

Frank Millman

Cheers
Martin

 

[Dan]

2. I am using wxPython, which was compiled from source.

Maybe you had a good reason to install from source. But if you didn't, I
suggest using a sys-admin's convenience tool, such as "apt". Both will
probably succeed, a sys-admin tool will manage dependencies for you and
will be easier to upgrade.

 

[Michael Josephson]

Hi,

Alternatively, there
may be a better way of getting the mac address or identifying the
workstation.

As Paul pointed out you should not rely on the MAC address as a secure
identifier. However, if it's suitable for your purposes you might want
to take a look at libdnet (http://libdnet.sourceforge.net/) which is a
library that provides access to low level networking routines.

Hope this helps,

-Michael

 

[Jeremy Moles]

Hi all

This is not strictly a Python question, but this newsgroup feels like a
family to me, so I hope that someone will be kind enough to respond to
this, or at least point me in the right direction.

While developing under linux, I use my own computer, as the only user,
so it has become my habit to login as root and do all my work as a
superuser. I know that this is not desirable, but it has become a
habit, which I am now trying to get out of.

Now that I am logging in as an ordinary user, I find that a number of
things that previously 'just worked' have now stopped working. I can
usually find the cause, and tweak whatever is needed to get it working
again, but I am wondering how most people work. Is it normal to
experience these kinds of problems, or am I missing a trick somewhere
and making my life more complicated than it need be?

I will give two examples. I would like advice on the best way to fix
them, but I would prefer a more general reply that explains how
experienced unix/linux users go about handling these kinds of issues.

1. The application I am developing will eventually be deployed as a
multi-user accounting/business system. I want to identify the physical
workstation that generates each transaction, so I am using the mac
address. My method for extracting this is as follows -
mac = os.popen("ifconfig|grep Ether|awk {print '$5'}").read()[:-1] #
I did not come up with this myself, I cribbed it from somewhere

As root, this works fine. As non-root, ifconfig is not found. The
reason is that it is in /sbin, and this is not included in the default
path for non-root users. I could either include /sbin in my path, or I
could change the above line to /sbin/ifconfig ... Alternatively, there
may be a better way of getting the mac address or identifying the
workstation.

I <3 sysfs; case in point:

cat /sys/class/net/eth*/address

...weeeee..

 

[Mike Meyer]

While developing under linux, I use my own computer, as the only user,
so it has become my habit to login as root and do all my work as a
superuser. I know that this is not desirable, but it has become a
habit, which I am now trying to get out of.

Ack. Phht. Well, at least you're trying to get out of the habit. Your
problems are generally caused by doing things as the wrong user. You
need to figure out which things you have to do as root, and then do
those (and only those) as root, and do the rest as you.

1. The application I am developing will eventually be deployed as a
multi-user accounting/business system. I want to identify the physical
workstation that generates each transaction, so I am using the mac
address. My method for extracting this is as follows -
mac = os.popen("ifconfig|grep Ether|awk {print '$5'}").read()[:-1] #
I did not come up with this myself, I cribbed it from somewhere

As root, this works fine. As non-root, ifconfig is not found. The
reason is that it is in /sbin, and this is not included in the default
path for non-root users. I could either include /sbin in my path, or I
could change the above line to /sbin/ifconfig ... Alternatively, there
may be a better way of getting the mac address or identifying the
workstation.

Put "/sbin/ifconfig" in a string variable. Place that somewhere where
a person porting the program will find it. Then use the variable name
in the os.popen call. Of course, if ifconfig is in /sbin, it's likely
that their ifconfig won't work that way anyway. Mine certainly
doesn't.

BTW, I'd consider doing the grep/awk part of the process via
python. Python won't be as fast as the grep/awk, but ifconfig's output
is short, so the cost of launching the new processes probably swamps
that. Something like:

for line in os.popen(IFCONFIG):
if line.find('Ether'):
mac = line.split()[4]
break

should do it. On the other hand, if its fast enough and works, don't
touch it.

2. I am using wxPython, which was compiled from source. It so happens
that I did this with a colleague who also has a user account on my
machine, so the compile and install of wxPython was done from his home
directory.

Python modules should be installed as root. That should put them in
the correct place.

When I start my app as non-root, the import of wx fails, as it cannot
find certain files. They are in the other user's home directory, but as
the top-level directory has permissions of drwx------, my user cannot
read anything in that directory. I can change the directory
permissions, or I can move the files to another area which all users
can read. If the latter, is there a 'correct' place to put them?

Yes. In the python libraries site-packages directory.

You really want to check out your platforms package management
system. It's *much* easier to type "sudo port install wx-python" than
it is to download, configure, compile, and install the package. The
exact command will depend on your distro. It's probably one of rpm or
apt-get, but might be emerge, or maybe even port.

<mike

 

[Frank Millman]

Thanks for all the replies. They were useful.

I think that my situation was best summed up by Mike - I need to figure
out which things I have to do as root and which I have to do as me. I
guess this only comes from experience, but it seems a good rule to
follow.

My reasons for wanting the mac address are nothing to do with security.
I have in mind a retail point-of-sale situation, where I want to record
which transactions took place at which point-of-sale. I hope that, in
this context, my use of the mac address will be safe enough.

As for wxPython, it is correctly installed in
/usr/local/lib/python2.4/site-packages. However, as part of the build
process, wxPython builds its own version of gtk. It does not install
it, but stores the generated files in the original build directory, and
then hard-codes the path to the shared object files. As the original
build directory happened to be under another user's home directory, my
user could not read the files. I have deleted wxPython and reinstalled
it from another directory which all users can read, and it now works
fine. It was this 'other' directory that I was referring to when I
asked if there was a 'correct' place, but I guess that anywhere
reasonable is fine.

Many thanks to all

Frank

 

[Paul Rubin]

My reasons for wanting the mac address are nothing to do with security.
I have in mind a retail point-of-sale situation, where I want to record
which transactions took place at which point-of-sale. I hope that, in
this context, my use of the mac address will be safe enough.

Don't count on it. There was a widely publicized exploit at some big
retail chain (maybe Target) when they did something like that over a
wifi network a year or so ago. Attackers with the right gear had
themselves a party. If you're moving data that represents real-world
money, you have to assume someone will launch sophisticated attacks to
get at it.