how to run part of my python code as root
Tomas Pelka
tompelka at gmail.com
Sat Feb 6 06:38:39 EST 2010
sjdevnull at yahoo.com wrote:
> On Feb 4, 2:05 pm, Tomas Pelka <tompe... at gmail.com> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hey,
>>
>> is there possibility how to run part of my code (function for example)
>> as superuser.
>>
>> Or only way how to do this is create a wrapper and run is with Popen
>> through sudo (but I have to configure sudo to run "whole" python as root).
>
thank you for excellent explanation.
> In decreasing order of desirability:
> 1. Find a way to not need root access (e.g. grant another user or
> group access to whatever resource you're trying to access).
> 2. Isolate the stuff that needs root access into a small helper
> program that does strict validation of all input (including arguments,
> environment, etc); when needed, run that process under sudo or
> similar.
I thing this approach is the best for me. But how to connect two
separated processes, one running with root privileges and second without
superuser privileges? Is was thinking about Queues from multiprocessing,
didn't you know if it is a good choice?
> 2a. Have some sort of well-verified helper daemon that has access to
> the resource you need and mediates use of that resource.
> 3. Run the process as root, using seteuid() to switch between user and
> root privs. The entire program must be heavily verified and do strict
> validation of all inputs. Any attacker who gets control over the
> process can easily switch to root privs and do damage. This is
> generally a bad idea.
--
Tom
Key fingerprint = 06C0 23C6 9EB7 0761 9807 65F4 7F6F 7EAB 496B 28AA
More information about the Python-list
mailing list