Re. suid/sudo in python

bieffe62 at bieffe62 at
Mon Mar 30 15:47:04 CEST 2009

On Mar 30, 1:16 pm, Rustom Mody <rustompm... at> wrote:
> Ben Finney wrote
> > The key thing to realise is that, having relinquished privilege, the same process can't get it back again as easily. So if you need to
> > do some tasks as a privileged user, do those *very* early and then drop the privileges for the rest of the life of the process.
> > Taking this further, you should isolate exactly what tasks need root privilege into a separate process altogether, and make
> > that process as well-tested and simple as possible: it should do nothing *but* those tasks for which it needs root privilege.
> I don't think this would be easy or convenient (if at all possible) in my case.
> I am trying to write a tiny web based application that will give an
> overall picture of LVM, Volume groups, Raid, SCSI and the underlying
> disk partitions. The administrative tools dealing with low level
> storage stack (e.g. fdisk, pvcreate, vgcreate, lvcreate, mdadm etc.)
> need to be run as root.
> However, since this runs behind Apache, Apache creates a separate user
> for the webserver. Hence the CGI scripts or any other tools that they
> call run as that user.
> The solution currently is
> - Write the CGI program in C, put setuid(0), setgid(0) statements in
> that file and then perform any other actions (including calling other
> scripts)
> - Set the S bit of the executable of the CGI binary compiled from the
> C file (chmod +S xxx.cgi)
> Yeah yeah "Security! HOLE!!" etc but please note that this is running
> on linux on vmware on an otherwise secure system.
> So what's the best way of doing this in Python?

Have a 'server process' running with root privilege (a script started
by a privileged account) and implement a protocol to ask for system
info from your CGI scripts under Apache. In Python this is a lot
easier than it sounds.
The simplest case would be to send a 'system command' to the
server through a Unix socket; the server
executes the command as received and returns the command output. Not
more than a day's work, I believe. Not much more secure than
a setuid Python script, also, maybe less :-)
A better implementation would be such that the protocol only allows
for a set of pre-defined safe requests ...
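
The "set of pre-defined safe requests" variant described in the reply above, as an added example that is not part of the original post. The socket path, the request names, the binary paths and the choice of read-only commands (`pvs`, `vgs`, `lvs`, `mdadm --detail --scan`, `fdisk -l`) are assumptions made for illustration.

```python
"""Root-side helper answering a fixed set of read-only storage queries."""
import os
import socketserver
import subprocess

SOCKET_PATH = "/run/storage-helper.sock"  # assumed location
# Request name -> fixed argv. Clients pick a name; they never supply arguments.
# Binary paths are assumptions; adjust for the distribution.
ALLOWED = {
    "pvs": ["/sbin/pvs"],
    "vgs": ["/sbin/vgs"],
    "lvs": ["/sbin/lvs"],
    "mdadm": ["/sbin/mdadm", "--detail", "--scan"],
    "fdisk": ["/sbin/fdisk", "-l"],
}

def dispatch(request: bytes, run=subprocess.run) -> bytes:
    """Turn one request line into a reply; only allow-listed names run anything."""
    try:
        name = request.decode("ascii").strip()
    except UnicodeDecodeError:
        return b"ERR bad request\n"
    argv = ALLOWED.get(name)
    if argv is None:
        return b"ERR unknown request\n"
    try:  # argv list, no shell, minimal environment, bounded run time
        proc = run(argv, stdin=subprocess.DEVNULL, stdout=subprocess.PIPE,
                   stderr=subprocess.STDOUT, timeout=10, env={"LC_ALL": "C"})
    except (OSError, subprocess.TimeoutExpired):
        return b"ERR command failed\n"
    if proc.returncode != 0:
        return b"ERR command failed\n"
    return b"OK\n" + proc.stdout

class Handler(socketserver.StreamRequestHandler):
    def handle(self):
        # One short line per connection; the read is capped at 64 bytes.
        self.wfile.write(dispatch(self.rfile.readline(64)))

def serve(path=SOCKET_PATH):
    if os.path.exists(path):
        os.unlink(path)
    old = os.umask(0o117)  # socket is created mode 0660
    try:
        server = socketserver.UnixStreamServer(path, Handler)
    finally:
        os.umask(old)
    server.serve_forever()

if __name__ == "__main__":
    serve()
```

The CGI script connects to the socket, writes one request name followed by a newline, and reads the reply. For the web server's user to connect, the socket's group has to be set to that user's group after it is created.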
