Reputation: 2916
python run command as normal user in a root script
I have a python script that is launched as root, I can't change it.
I would like to know if it's possible to exectute certain lines of this script (or all the script) as normal user (I don't need to be root to run this).
The reason is, I use notifications, and python-notify don't work in all machines in root (looks like this bug)
So ,do you know if it's possible to change it, with a subprocess, or other?
Thanks
Upvotes: 6
Views: 7355
Answers (3)
Reputation: 107347
you need getpwnam from PWD module , for access user-id by pass username and then with os.setuid() you can change the user and Run python script as another user .
import pwd, os
uid = pwd.getpwnam('username')[2] #instead of index 2 you can use pw_uid Attribute
os.setuid(uid)
But Note that using setuid can make a enormous security hole .
Upvotes: 2
Reputation: 366073
I would like to know if it's possible to exectute certain lines of this script (or all the script) as normal user
Yes, it's possible—and a good idea.
Python's os module has a group of functions to set the real, effective, and saved user and group id, starting with setegid. What exactly each of these does is up to your platform, as far as Python is concerned; it's just calling the C functions of the same names.
But POSIX defines what those functions do. See setuid and seteuid for details, but the short version is:
- If you want to switch to a normal user and then switch back, use either
seteuidorsetreuid, to set just effective, or real and effective, but not saved UID. Then use the same function again to set them back to root. - If you want to run the whole script as a normal user and make sure you can't get root back, use
setresuidinstead, to set all three.
If you're using Python 3.1 and earlier, you don't have all of these functions. You can still use seteuid to switch effective ID back and forth, but setuid will… well, it depends on your platform, but I think most modern platforms will change saved as well as real, meaning you can't get root back. If you read the linked POSIX doc, there are a bunch of caveats and complexities in the POSIX documentation. If you only care about one platform, you probably want to read your local manpages instead, rather than reading about all of the cases and then trying to figure out which one covers your platform.
So ,do you know if it's possible to change it, with a subprocess, or other?
That isn't necessary (at least on a conforming POSIX system), but it can make things easier or safer. You can use subprocess, multiprocessing, os.fork, or any other mechanism to launch a child process, which immediately uses setuid to drop privileges—or even setresuid to give up the ability to ever restore its privilege. When that child process is done with its task, it just exits.
Upvotes: 7
Reputation: 19641
If the script is running as root, you can use os.setuid to change the process's current UID to that of another user (irrevocably) or os.seteuid to change the process's current effective UID (and you can use it again afterwards to reset the EUID to root).
Note that os.setuid changes both the real and effective UID - this is the reason it is irrevocable.
os.seteuid changes the effective UID. Since the real UID will still be root, you can still switch back the EUID to root later on in the script.
Upvotes: 1
Related Questions
- running a command as a super user from a python script
- How to elevate to root within a python script?
- How to execute bash commands as non root user from Python?
- Run a linux system command as a superuser, using a python script
- What is a pythonic way of running a Python routine as another user (e.g. root)?
- How can I run a python script run via root as a different user (local user) then back to root
- how to be a super user to run linux commands in python script?
- Making a Python script run with root privileges
- Is there any way to excute a command as a specific user in Python?
- Invoking shell script from a python script using root privileges