Best way to gain root privileges

Steven D'Aprano steve+comp.lang.python at pearwood.info
Thu Feb 17 22:46:58 CET 2011


On Thu, 17 Feb 2011 19:44:20 +0000, Katie T wrote:

> Running any kind of script sudo'd is a bad idea, it's very very hard (in
> many cases impossible) to do securely. Root permissions in general
> should only be used for what they're needed for and nothing else (that
> means getting the permission, doing the stuff that needs to be done as
> root, and then returning back to normal privs), anything else is just
> asking for trouble.

I agree with your general point, but the specific point to avoid running 
scripts with sudo? Are you sure you're not conflating sudo with setuid? 
By my reading, sudo is far preferred over running scripts setuid root.

Linux, for example, simply will not run scripts setuid root because of 
the security risk, while running things using sudo is considered best 
practice, and much preferred over logging in as root. The idea of sudo is 
to do exactly what you say: doing the stuff needed as root with elevated 
permission, then returning to normal.



-- 
Steven



More information about the Python-list mailing list