+- Python Forum (https://python-forum.io)
+-- Forum: General (https://python-forum.io/forum-1.html)
+--- Forum: News and Discussions (https://python-forum.io/forum-31.html)
+--- Thread: running py3 scripts as root (/thread-23169.html)
running py3 scripts as root - Skaperen - Dec-14-2019
i have a few scripts, all in Python3, that i want to be able to run with root effective uid permissions.
i am still pondering how to go about doing this. my current thinking is to use a C program to verify user rights and run the actual script with root euid enabled if appropriate. of absolute importance is not to open a means for any user to be able to run unauthorized scripts/programs of their choice or their ways with any form of escalated privilege. that C program would be where root privilege is acquired. it would then consult a configuration file to verify that user is permitted to do what is requested. i am wondering if it is safe for that C program to just run a Python3 script to do the verification logic. normally, making a script euid root is unsafe since the hash-bang method with an interpreter is unsafe since it is possible to substitutes the script name an escalated interpreter gets. if a C program has a hard-coded path for the interpreter and script, then it is up to the C program to do it right. that much is simple to do. so my next question is: how safe is it to run the correct Python script via the correct interpreter, with euid root privileges?
RE: running py3 scripts as root - Gribouillis - Dec-14-2019
Skaperen Wrote:that C program would be where root privilege is acquired.How would root privilege be acquired?
RE: running py3 scripts as root - Skaperen - Dec-15-2019
the C program executable would be set to run euid as the owner of the file, and be owned by root. being a binary, there is no opportunity to substitute a different script before the interpreter opens it.
RE: running py3 scripts as root - wavic - Dec-17-2019
Changing file permitions, sudoers?
RE: running py3 scripts as root - Skaperen - Dec-18-2019
my look at this is broader that how root privileges are acquired.