Call a shell command from Python (was: Calling Bash Command From Python)

Chris Angelico rosuav at gmail.com
Mon Oct 31 00:55:21 EDT 2016


On Mon, Oct 31, 2016 at 3:44 PM, Ben Finney <ben+python at benfinney.id.au> wrote:
> Note that ‘sudo’ is specifically designed to be invoked interactively,
> seeking to verify that the current user has credentials to run the
> command.
>
> Note further that ‘sudo’ will record when the *current user session*
> last invoked ‘sudo’ and seek re-verification if that is too long in the
> past.
>
> Both of these are security measures, and are designed to avoid
> non-interactive use of ‘sudo’. Rather, it's meant to be used
> interactively by a real, present human with credentials to run the
> command.

I don't know that non-interactive sudo is so bad a thing. In fact,
sudo has a --non-interactive option that appears specifically designed
for this kind of thing - it causes the command to fail rather than
prompt. You can configure a sudoers file to allow passwordless
execution of specific commands, and then permit scripts to elevate
privileges in very limited ways, safely.

ChrisA
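
Added example, not part of the original post: one way a Python script can use the non-interactive mode described above, so that a missing sudoers rule produces an error instead of a password prompt. The sudoers rule, the "deploy" user, the action table and the function names are all constructed for illustration.

```python
import os
import subprocess

# Constructed sudoers rule this example assumes (install with visudo):
#   deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart myapp.service
# Hypothetical action table: callers pick a key, never supply argv themselves.
ALLOWED_ACTIONS = {
    "restart-myapp": ["/usr/bin/systemctl", "restart", "myapp.service"],
}


class ElevationRefused(Exception):
    """sudo would have had to prompt, so it failed instead."""


def build_argv(action):
    """Return the fixed sudo command line for a named action."""
    if action not in ALLOWED_ACTIONS:
        raise ValueError(f"unknown action: {action!r}")
    # "--" ends sudo's own option parsing; absolute path matches the sudoers rule.
    return ["sudo", "--non-interactive", "--", *ALLOWED_ACTIONS[action]]


def run_elevated(action, runner=subprocess.run, timeout=30):
    """Run an allowed action via sudo without ever prompting."""
    proc = runner(
        build_argv(action),          # list form: no shell, no word splitting
        stdin=subprocess.DEVNULL,    # nothing to read a password from
        capture_output=True,
        text=True,
        timeout=timeout,
        check=False,
        env={**os.environ, "LC_ALL": "C"},  # stable English error text
    )
    if proc.returncode != 0 and "a password is required" in proc.stderr:
        raise ElevationRefused(f"sudoers does not allow {action!r} without a password")
    return proc.returncode, proc.stdout


if __name__ == "__main__":
    try:
        print(run_elevated("restart-myapp"))
    except (ElevationRefused, FileNotFoundError) as exc:
        print(f"not elevated: {exc}")
```

The runner parameter exists only so the refusal path can be exercised without a real sudo installation.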


