Python Forum
Python Forum

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Thread Modes
suid root with python
Skaperen
Weighs the Same as a Duck
Posts: 4,558
Threads: 1,463
Joined: Sep 2016
Reputation: 14
#1
Sep-19-2018, 04:26 AM
has anyone figured out how to safely do a setuid root script in Python on Linux? normally this would require a compiled (usually in C or C++) executable that carefully finds the script to execute and runs it. then you (the admin with root or sudo powers) would set the compiled executable to be suid root, and runs the script with the effective uid it has (such as root). i have written one of these in C when i needed to make some bash scripts run suid root. i could use it for Python if i can find it (from about 24 years ago). i am just wondering if anyone has solved this another way. i have thought about this at times for a few years and imagined that this could be solved by the interpreter detecting this configuration and handling it itself.
Tradition is peer pressure from dead people

What do you call someone who speaks three languages? Trilingual. Two languages? Bilingual. One language? American.
Find
Reply
DeaD_EyE
So-and-so of the Yard
Posts: 2,020
Threads: 9
Joined: May 2017
Reputation: 230
#2
Sep-20-2018, 05:06 AM (This post was last modified: Sep-20-2018, 05:06 AM by DeaD_EyE.)
With os.execvp you can run python again with sudo.
I have a example at home. I'll update my post.
It's also an example for windows included.

import os
import sys
import subprocess
import platform


def windows_elevation():
    import ctypes
    is_admin = bool(ctypes.windll.shell32.IsUserAnAdmin())
    if not is_admin:
        ctypes.windll.shell32.ShellExecuteW(
           None, 'runas',
           sys.executable,
           sys.argv[0], None, 1)
        sys.exit(0)


def linux_elevation():
    exe = sys.executable
    cmd = sys.argv
    uid = os.getuid()

    if uid != 0:
        #print('No user root, elevating with sudo')
        os.execvp('sudo', ['sudo', exe, *cmd])


def elevate():
    system = platform.system()
    if system == 'Linux':
        linux_elevation()
    elif system == 'Windows':
        windows_elevation()


if __name__ == '__main__':
    elevate()
    print('The final command...')
Almost dead, but too lazy to die: https://sourceserver.info
All humans together. We don't need politicians!
Website Find
Reply
Skaperen
Weighs the Same as a Duck
Posts: 4,558
Threads: 1,463
Joined: Sep 2016
Reputation: 14
#3
Sep-21-2018, 12:41 AM
i look forward to your examples. what i want to do is in a project that will have several processes and needs root, to limit the processes that have root powers to just those that need it (1 or 2). if i can figure out how to have my script get the file data when the tarfile module is extracting a tar archive, or how to have my script provide the data when it is creating a tar archive. the archive can be handled but i also need to handle all the data on the other end, too. this is getting to be a complex project.
Tradition is peer pressure from dead people

What do you call someone who speaks three languages? Trilingual. Two languages? Bilingual. One language? American.
Find
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  suid scripts in python? Skaperen 0 2,155 Sep-29-2019, 10:28 PM
Last Post: Skaperen

Forum Jump:

User Panel Messages

Log Out
My Profile
Pay your profile a visit
User Control Panel
Do some changes on your profile
My Messages
View private messages unread
Avatar
Change avatar
Signature
Change signature
Announcements
Announcement #1 8/1/2020
Announcement #2 8/2/2020
Announcement #3 8/6/2020