How do I add users using Python scripts on a Linux machine
Sebastian 'lunar' Wiesner
basti.wiesner at gmx.net
Tue Jan 2 13:14:45 EST 2007
Carsten Haese <carsten at uniqsys.com> typed
> On Tue, 2007-01-02 at 17:17 +0100, Sebastian 'lunar' Wiesner wrote:
>> Ravi Teja <webraviteja at gmail.com> typed
>>
>> >
>> > Ivan Voras wrote:
>> >> Ramdas wrote:
>> >> > Well,
>> >> >
>> >> > I need to add users from a web interface for a web server, which
>> >> > runs only Python. I need to add users, set quotas and in future
>> >> > even look at managing ip tables to limit bandwidth.
>> >> >
>> >> > I know os.system(), but this has to be done through a form entry
>> >> > through a web interface.
>> >> >
>> >> > Anyways thanks, do advise if there more pythonic solutions
>> >>
>> >> What you're looking for is actually a pretty complex thing. You
>> >> *could* in theory manage /etc/passwd (and its "shadow" file) - you
>> >> can find crypto primitives like MD5 and DES on the 'net, but note
>> >> that you must run your script under the 'root' account in order to
>> >> write (and even read!) the passwd database. The same goes for
>> >> using os.system and the built-in OS utility. Be aware of security
>> >> implications if you're running your web server under the root
>> >> account.
>> >
>> > How about invoking scripts with SUID root set?
>>
>> Linux seems to ignore SUID bit on scripts:
>
> I don't think that that has anything to do with Linux or not. The
> script is not the actual executable, hence its suid bit is irrelevant.
I don't think so. From what I know, the script is passed as executable
to the kernel loader, which interprets the shebang and feeds the script
through the correct interpreter. So the kernel loader sees the script
itself as executable instead of the interpreter binary. I've heard of
other Unix systems, which handle this differently (meaning that the
SUID bit on scripts has an effect), but I may be wrong.
> You'd have to set the suid bit on the python executable, but that
> would affect all python scripts, which is probably bad.
It _is_ bad!
--
Freedom is always the freedom of dissenters.
(Rosa Luxemburg)
More information about the Python-list
mailing list