[Tutor] making progress [using sudo with Python scripts]

Kirk Bailey idiot1@netzero.net
Thu Dec 19 01:27:01 2002


Right now I have a crontab set to run newaliases every 30 minutes, but after 
getting the thing to refer to the aliases file with a soft link, bypassing a 
big headache, I would rather get the script to handle the task RIGHT NOW and 
not have to wait. But you are right, this is no longer kiddyland we are 
playing with.

Oh- I just installed sudo. (yay, rah, first time I did something like that, no 
helper, read the flipping manual on doing it first, ftp from within the 
server, got the tarball, did the entire thing. I'm pleased with myself.) And 
when I told my cohosting provider, a good friend, he had a minor security 
conniption, and told me he has to pay more attention to INTERNAL network 
security now. Hmm, reassuring statement.

But clarify an issue for me. Here is an error from the log:
f1 = open('./lists/aliases.tinylist','r')	#180 open the aliases file
IOError: [Errno 2] No such file or directory: './lists/aliases.tinylist'

Strange. Does open not accept relative path names? I suppose I COULD whip up 
the absolute path, other scripts do, but will this not accept relative path 
declarations?



Danny Yoo wrote:
> 
> On Wed, 18 Dec 2002, Kirk Bailey wrote:
> 
> 
>>But here's a brainbuster: how do we get a nobody owned and run script to
>>issue and execute the 'newaliases' command?
> 
> 
> Hi Kirk,
> 
> This isn't really too Python related, (but then, we've been way off
> tangent recently... *grin*).
> 
> In Unix, a program takes on the privileges of the user who executes the
> program.  If we're not taking Unix's setuid/setgid mechanisms into
> account, then it really doesn't matter who "owns" the program, but it's
> more important who "runs" it.
> 
> 
> You should probably be using 'sudo' or something like it to solve these
> permission problems. The utility 'sudo' grants temporary root privilege to
> normal users:
> 
>     http://www.courtesan.com/sudo/
> 
> There's a nice BSD-oriented tutorial of sudo on O'Reilly's ONLamp.com:
> 
>     http://www.onlamp.com/pub/a/bsd/2002/08/29/Big_Scary_Daemons.html
> 
> By using sudo, you can write Python scripts that do serious system
> administrative tasks like automating the regeneration of the aliases file
> in sendmail.
> 
> 
> I'd discourage a 'setuid' approach to Unix permissions without
> understanding its dangers: there seems to be a constant stream of 'setuid'
> security holes that pop up every so often on the security newsgroups, so
> getting 'setuid' right is not an easy thing to do.  In some cases, there's
> no alternative to a setuid wrapper --- Mailman, for example, uses one ---
> but most any setuid program should be held with suspicion.
> 
> 
> Good luck to you!
> 
> 


-- 

end

Respectfully,
              Kirk D Bailey


+---------------------"Thou Art Free." -Eris-----------------------+
| http://www.howlermonkey.net  mailto:highprimate@howlermonkey.net |
| KILL spam dead!      http://www.scambusters.org/stopspam/#Pledge |
| http://www.tinylist.org  +--------+   mailto:grumpy@tinylist.org |
+------------------Thinking| NORMAL |Thinking----------------------+
                            +--------+
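
An added example, not part of the original message or of TinyList's own code: a Python sketch that resolves the aliases file relative to the script's own directory rather than the process's working directory, and runs newaliases through sudo with a fixed argument list and a minimal environment. The binary paths, the sudoers entry in the comment and the function names are assumptions for illustration.

```python
import os
import subprocess

# Assumed install locations; confirm with `which sudo` and `which newaliases`.
SUDO = "/usr/bin/sudo"
NEWALIASES = "/usr/bin/newaliases"

# Assumed sudoers entry (edit with visudo) granting this one command only:
#   nobody ALL = (root) NOPASSWD: /usr/bin/newaliases

SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))


def aliases_path(base_dir=SCRIPT_DIR):
    """Absolute path of lists/aliases.tinylist, independent of the cwd.

    open('./lists/...') is resolved against the current working directory,
    which under cron or a web server is often not the script's directory,
    hence Errno 2. Anchoring on the script location avoids that.
    """
    return os.path.join(base_dir, "lists", "aliases.tinylist")


def newaliases_argv():
    """Fixed argument vector; -n makes sudo fail instead of prompting."""
    return [SUDO, "-n", NEWALIASES]


def rebuild_aliases(runner=subprocess.run):
    """Run newaliases via sudo without a shell; return (ok, output)."""
    try:
        proc = runner(
            newaliases_argv(),
            env={"PATH": "/usr/bin:/bin"},  # do not pass the caller's environment
            stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT,
            timeout=60,
        )
    except (OSError, subprocess.SubprocessError) as exc:
        return False, str(exc)  # sudo missing, not executable, or timed out
    return proc.returncode == 0, proc.stdout.decode(errors="replace")


if __name__ == "__main__":
    print(aliases_path())
    ok, out = rebuild_aliases()
    print("newaliases ok" if ok else "newaliases failed: " + out)
```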
