how to be a super user to run linux commands in python script?

Question

I have to execute few commands in linux but I need to be a super user before I execute the command. This has to be done via python script The scenario is i should execute the following command in the order

>> su

This prompts for password

After entering the password I will have to execute the bluez commands

>> hciconfig hci0 up
>> hcitool lescan
>> hcitool lecc <address>

i need to do this in python but could you please tell me how to be a super user and give password via python then later execute the above commands in order? Meaning,I want to automate the whole process that is execute all the commands without manual intervention.

Answer 1

You can use pexpect to solve your problem. With this python module you can spawn a root shell, send the root password to the process and then execute multiple commands afterwards.

pexpect is a nice trick to automate any kind of interactive shell program ... It works fine in this example - but storing a root PW in a script like this has serious security implications (adding a user to sudoers without a password has serious security implications as well) ...

import pexpect, sys

# spawn a root shell with sudo or su depending on your linux
proc = pexpect.spawn("su")
proc.logfile = sys.stdout

# wait until the programm finds the string Password or password
# in the shell output
proc.expect("[Pp]assword")
# then: send the password to the waiting shell
proc.sendline("yourRootPW123")

# wait until the command completed ("#" is part of the next prompt)
proc.expect("#")
# run the whoami command
proc.sendline("whoami")

# wait for next prompt
proc.expect("#")
proc.sendline("ls -al")
proc.expect("#")
# ...

This will output:

myuser@lnx-work:~$ python script
[sudo] password for myuser: **************

root@lnx-work:~# whoami
whoami
root
root@lnx-work:~# ls -al
ls -al
total 60
drwx------  5 root root  4096 Dez 18 14:38 .
drwxr-xr-x 23 root root  4096 Jan 21 14:18 ..
-rw-------  1 root root 13149 Jan 27 10:19 .bash_history
-rw-r--r--  1 root root  3106 Feb 20  2014 .bashrc
...

You can read more on this here: automate with python pexpect

Answer 2

According to this you should use external commands like this:

from subprocess import call
call(["ls", "-l"])

or

os.system("ls -l")

if your command is ls -l.

(For the super user privilege, i recommend you start python as a super user.)

EDIT: You can run from subprocess import call call(["sudo", "hciconfig", "hci0", "up"]) if you want to run a sub process (hciconfig hci0 up) as a superuser.

You have to also use NOPASSWD:

sudo visudo

And change a with your username ALL=(ALL) NOPASSWD: ALL

I however recommend you run a whole script as a super user, and just use a "normal" subprocess call in the script. You probably don't want to have no pass super user access. If your script doesn't do anything really nasty, it's safer to run script as superuser.

Answer 3

Good security practice says you should minimize the time you are at elevated privilege. One way to do this is to put the commands to be run as root in a different file and then cause that file to be run as root. You have several options:

1. Your script could run the other script with sudo:
   subprocess.check_call(['sudo', '/we/run/as/root']);
2. You could make the script be 'setuid-root' and run it, no sudo needed:
   subprocess.check_call(['/we/run/as/root']);
   (however, on many systems this will not work because setuid-root is disabled on scripts)
3. Like #2 but use a small C-program which is setuid-root and it runs your script:
   subprocess.check_call(['/the/c/program']); Basically the C-program is:
   int main(void) { return system("/we/run/as/root"); }

Answer 4

Another recommendation to start the python script initially with sudo is that when you run a very long script that requires sudo permissions at the end, it will still require you to re-enter your password.

An example of calling sudo after running the script without admin permissions:

import subprocess
subprocess.call(["sudo", "hcitool", "hci0", "up"]);

You should seperate each parameter like shown above. The result that is being executed will be: 'sudo hcitool hci0 up'.