challenging problem for changing to a dedicated non-privileged user within a script.
paul
paul at subsignal.org
Thu Jul 23 07:50:47 EDT 2009
Krishnakant schrieb:
> On Thu, 2009-07-23 at 00:17 +0200, Piet van Oostrum wrote:
>> Being a sudoer is not a privilege to issue the os.setuid system call. It
>> is only a permission to use the sudo command.
>>
> Yes, So I would like to know if python can change the user to some other
> non-privileged user during the script execution?
If the user running python program is allowed to call setuid() then yes.
>
>>> K> I tryed using subprocess but that did not help me either. I tryed sudo
>>> K> su into the Popen command but it throws me into the terminal (shell)
>>> K> with postgres as the user.
>> You could execute the command:
>> sudo -u postgres required_command
>> with subprocess.
>>
> Ok, but the problem is much more complex.
No.
> What if I want to do the following.
> 1, change the user for a particular script to the postgres user.
Did you try running "sudo -u postgres blabla" with subprocess?
> 2. now execute the python code for connecting to the postgresql
> database.
> In the second point I actually want to execute python code not shell
> level command so will the sudo -u in the subprocess.Popen change the
> user in the script?
No, as the name "subprocess" suggests you are spawning a new process
which gets another uid through sudo. This does not affect the parent
process.
hth
Paul
More information about the Python-list
mailing list