how to run part of my python code as root
sjdevnull at yahoo.com
sjdevnull at yahoo.com
Thu Feb 4 14:56:57 EST 2010
On Feb 4, 2:05 pm, Tomas Pelka <tompe... at gmail.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hey,
>
> is there possibility how to run part of my code (function for example)
> as superuser.
>
> Or only way how to do this is create a wrapper and run is with Popen
> through sudo (but I have to configure sudo to run "whole" python as root).
In decreasing order of desirability:
1. Find a way to not need root access (e.g. grant another user or
group access to whatever resource you're trying to access).
2. Isolate the stuff that needs root access into a small helper
program that does strict validation of all input (including arguments,
environment, etc); when needed, run that process under sudo or
similar.
2a. Have some sort of well-verified helper daemon that has access to
the resource you need and mediates use of that resource.
3. Run the process as root, using seteuid() to switch between user and
root privs. The entire program must be heavily verified and do strict
validation of all inputs. Any attacker who gets control over the
process can easily switch to root privs and do damage. This is
generally a bad idea.
More information about the Python-list
mailing list