challenging problem for changing to a dedicated non-privileged user within a script.

Piet van Oostrum piet at cs.uu.nl
Wed Jul 22 18:17:12 EDT 2009


>>>>> Krishnakant <hackingkk at gmail.com> (K) wrote:

>K> hello all,
>K> This is a real challenge and I don't know if a solution even exists for
>K> this or not.

>K> I am writing an application which I run as my usual user on Ubuntu.
>K> The username is let's say kk and it has sudo permission (meaning the
>K> user is in the sudoers list).


>K> Now when I do python myscript.py, the script has to change to another
>K> non-privileged user for some tasks.
>K> Let's say for example switch to the postgres user which is dedicated for
>K> postgres and has no other privileges.

>K> I have tried doing os.setuid(112) where 112 could be the uid of the user
>K> I want the script to switch over.

>K> But I got operation not permitted.

Being a sudoer is not a privilege to issue the os.setuid system call. It
is only a permission to use the sudo command.

>K> I tried using subprocess but that did not help me either.  I tried sudo
>K> su into the Popen command but it throws me into the terminal (shell)
>K> with postgres as the user.

You could execute the command:
sudo -u postgres required_command
with subprocess.

You have another problem then: your password must be supplied unless the
NOPASSWD flag is set in the sudoers file.

>K> But that's now my desired result.
>K> what I exactly want is that the script now continues to execute under
>K> postgres user till the end.

I don't think that's possible if you start as the user kk. 

>K> I don't know how to achieve this effect.

>K> In fact I will need this during a serious deployment because I would have
>K> my application run as a daemon as a dedicated user.

>K> I am finding some code for daemonising a python application but don't
>K> know how to tell the script to change user.

>K> happy hacking.
>K> Krishnakant.



-- 
Piet van Oostrum <piet at cs.uu.nl>
URL: http://pietvanoostrum.com [PGP 8DAE142BE17999C4]
Private email: piet at vanoostrum.org
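
The two cases discussed in this thread, as an added Python 3 example that is not part of the original message: running a single command as postgres through sudo while the script stays kk, and a daemon that starts as root and drops to the dedicated user permanently. The function names sudo_argv, run_as and drop_privileges are hypothetical, and the command arguments are constructed.

```python
import os
import pwd
import subprocess


def sudo_argv(user, command):
    """Build a sudo command line as a list, so no shell re-parses the arguments."""
    # -n: never prompt; sudo exits with an error if a password would be needed.
    # --: everything after it is the command, not more sudo options.
    return ["sudo", "-n", "-u", user, "--"] + list(command)


def run_as(user, command, timeout=30):
    """Case 1: the script stays 'kk' and runs one command as `user` via sudo."""
    return subprocess.run(sudo_argv(user, command), capture_output=True,
                          text=True, timeout=timeout, check=False)


def drop_privileges(user):
    """Case 2: a daemon started as root switches to `user` for good."""
    if os.geteuid() != 0:
        # A non-root process gets "Operation not permitted" from os.setuid().
        raise PermissionError("not root: cannot change user, use sudo -u instead")
    pw = pwd.getpwnam(user)          # look the uid up by name, do not hard-code it
    if pw.pw_uid == 0:
        raise ValueError("target user is root, nothing would be dropped")
    os.initgroups(user, pw.pw_gid)   # supplementary groups first, needs root
    os.setgid(pw.pw_gid)             # then the group, still needs root
    os.setuid(pw.pw_uid)             # the uid last; root is gone after this
    try:
        os.setuid(0)                 # must fail if the drop was complete
    except PermissionError:
        return pw.pw_uid
    raise RuntimeError("privilege drop is reversible, refusing to continue")


if __name__ == "__main__":
    # Prints the command only; nothing is executed here.
    print(sudo_argv("postgres", ["required_command", "arg with spaces"]))
```

With a NOPASSWD rule limited to the one command the script needs, run_as works unattended without giving kk general root access.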


