Creating a setuid script
Donn Cave
donn at u.washington.edu
Fri Jul 21 15:46:01 EDT 2000
Quoth Jurgen Defurne <defurnj at glo.be>:
| I am busy writing some scripts, which should be setuid root (several
| users should be
| able to modify the contents of a file, which is under root control).
|
| The main problem is that setuid root doesn't seem to work with a Python
| script. If i have
| two programs :
|
| rwsr-xr-x .... tu.pl (obviously Perl)
| rwsr-xr-x .... tu.py (the same in Python)
|
| then the perl script reports UID and EUID as 0 and 1000 (or reverse,
| they are DIFFERENT),
| but the Python script reports 1000 and 1000 (a further test to open a
| root owned file in
| read mode raises an exception).
The Python interpreter is normal in this respect. For another example,
try a shell script - the shell won't be able to assume root privileges
through a setuid bit on the script file. Python can't either.
Perl accomplishes this through a special gimmick of a setuid-root
interpreter installed along with the normal one. This is an extremely
risky business. I'm sure the author of Perl has done what needed to
be done to make it tolerable, but that work has not been done with
Python and probably never will be.
When I need setuid privilege, I write that part in C and assign the
setuid privilege to that executable, then invoke it from Python.
Donn Cave, donn at u.washington.edu
More information about the Python-list
mailing list