root permissions

Carel Fellinger cfelling at iae.nl
Tue Feb 13 00:13:26 CET 2001


Walter Moreira <walterm at cmat.edu.uy> wrote:
> Hello Python people.

> Hope this question not to be too off topic.
> Inside a Python script I must read a file owned by root with permissions
> 600. But I want the script can be executed by a normal user. What can I do?

> I am using sudo but this implies that the users must be listed in /etc/sudoers
> and they get all the privileges. Is there an elegant solution?

There are basicly three ways to deal with this:

1) restrict sudo acces to your program only

2) wrap your program in a real executable and suid-it
   (example in the Python source: Misc/setuid-prog.c)

3) make a small suid-ed c program to access that root-owned file
   and nothing else, and call that program from within your Python script

1 and 2 share the same huge disadvantage of your program being run as
root!  Be very carefull in your programming, drop root privelige as
soon as possible, think twice and then refrain from it all to gether.
-- 
groetjes, carel



More information about the Python-list mailing list