challenging problem for changing to a dedicated non-privileged user within a script.
Piet van Oostrum
piet at cs.uu.nl
Thu Jul 23 00:17:12 CEST 2009
>>>>> Krishnakant <hackingkk at gmail.com> (K) wrote:
>K> hello all,
>K> This is a real challenge and I don't know if a solution even exists for
>K> this or not.
>K> I am writing an application which I run as my usual user on ubuntu.
>K> the usernake is let's say kk and it has sudo permission (meaning the
>K> user is in the sudoers list ).
>K> now when i do python myscript.py, the script has to change to another
>K> non-privileged user for some tasks.
>K> let's say for example switch to the postgres user which is dedicated for
>K> postgres and has no other privileges.
>K> I have tryed doing os.setuid(112) where 112 could be the uid of the user
>K> I want the script to swith over.
>K> but I got opperation not permitted.
Being a sudoer is not a privilege to issue the os.setuid system call. It
is only a permission to use the sudo command.
>K> I tryed using subprocess but that did not help me either. I tryed sudo
>K> su into the Popen command but it throws me into the terminal (shell)
>K> with postgres as the user.
You could execute the command:
sudo -u postgres required_command
You have another problem then: your password must be supplied unless the
NOPASSWD flag is set in the sudoers file.
>K> But that's now my desired result.
>K> what I exactly want is that the script now continues to execute under
>K> postgres user till the end.
I don't think that's possible if you start as the user kk.
>K> I don't know how to achieve this iffect.
>K> Infact I will need this during a serious deployment because i would have
>K> my application run as a demon as a dedicated user.
>K> I am finding some code for deamonising a python application but don't
>K> know how to tell the script to change user.
>K> happy hacking.
Piet van Oostrum <piet at cs.uu.nl>
URL: http://pietvanoostrum.com [PGP 8DAE142BE17999C4]
Private email: piet at vanoostrum.org
More information about the Python-list