Run a commandline script of changed (switched) user in Python

Question

I want to add a text to a file that can be access only from a certain account id "appid" and passwd "passx" I tried following code, which does not work.

import os, subprocess
text=str('23.33%')
cmd = ['su', 'appid', '-c echo text >> /tofhisfile.txt']
proc = subprocess.Popen(cmd, shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE,     stderr=subprocess.PIPE)
proc.communicate('passx')

also this does not work

os.system('su appid -c echo text >> /tothisfile.txt')

Answer 1

You can use target_user's password using su utility only in interactive mode (or use expect utility along with su authentication). If you want to authenticate one user as another using sudo utility - you should write appropriative rules in /etc/sudoers file as root (so your source_user would not be asked for password at all). Also note, that when you're using sudo use sudo -u root /bin/sh -c 'echo "root cat write anywhere" > /etc/anywhere', in case sudo -u root echo "root can write anywhere" > /etc/anywhere you'll receive permission denied error.

Answer 2

You are using a list along with shell=True. You don't want to do the latter, but even if you did, shells take strings, so you'd need the same kind of string as your second example.

Anyways, you probably want to just do all this outside your script. So assume you've been setuid'ed properly already (though this would be what you'd use if you were doing it inside your script – os.setuid) and just write to the file, and then run the script with su whoever -c python mything.py.