您如何以“ root”身份临时运行代码?
[英]How do you temporary run your code as 'root'?
问题描述
RELATED: Python multiprocessing: Permission denied 
相关: Python多处理:权限被拒绝
I want to use Python's multiprocessing.Pool 我想使用Python的multiprocessing.Pool
import multiprocessing as mp
pool = mp.Pool(3)
for i in range(num_to_run):
pool.apply_async(popen_wrapper, args=(i,), callback=log_result)
I get OSError 我收到OSError
File "/usr/local/lib/python2.6/multiprocessing/__init__.py", line 178, in RLock
return RLock()
File "/usr/local/lib/python2.6/multiprocessing/synchronize.py", line 142, in __init__
SemLock.__init__(self, RECURSIVE_MUTEX, 1, 1)
File "/usr/local/lib/python2.6/multiprocessing/synchronize.py", line 49, in __init__
sl = self._semlock = _multiprocessing.SemLock(kind, value, maxvalue)
OSError: [Errno 13] Permission denied
I read in the related question that it's due to not having r/w to /dev/shm 我在相关问题中读到,这是由于没有对/ dev / shm的读/写
Besides changing the permission in /dev/shm , is there a way to run as root in the code? 除了更改/dev/shm的权限之外,还可以在代码中以root身份运行吗?
I initially thought you could do something like os.umask() but it didnt work 我最初以为您可以做类似os.umask()但是它没有用
EDIT (rephrasing the question): 编辑(改写问题):
- let's say a username A has r/w access to directory A 假设用户名A具有对目录A的读/写访问权限
- You are user B and your program needs access to directory A. how do you run a program as user A? 您是用户B,您的程序需要访问目录A。如何以用户A的身份运行程序?
1 个解决方案
解决方案1
2 已采纳 2015-12-15 05:02:57
In order from the least dangerous to the most dangerous. 从最小危险到最大危险。
You can try dropping permissions as John Zwinck suggested.
您可以尝试按照John Zwinck的建议删除权限。 Basically you would start the program with root level permissions, immediately do what you need to do, and then switch to a non-root user. 基本上,您将使用root级权限启动程序,立即执行所需的操作,然后切换到非root用户。 From this StackOverflow .
从此StackOverflow中 。 import os, pwd, grp def drop_privileges(uid_name='nobody', gid_name='nogroup'): if os.getuid() != 0: # We're not root so, like, whatever dude return # Get the uid/gid from the name running_uid = pwd.getpwnam(uid_name).pw_uid running_gid = grp.getgrnam(gid_name).gr_gid # Remove group privileges os.setgroups([]) # Try setting the new uid/gid os.setgid(running_gid) os.setuid(running_uid) # Ensure a very conservative umask old_umask = os.umask(077)You could also require the credentials for the root user to be inputed into the script, and then only use them when they are required.
您还可以要求将root用户的凭据输入到脚本中,然后仅在需要时使用它们。 subprocess.call("sudo python RunStuffWithElevatedPrivelages.py") #From here, the main script will continue to run without root permissionsOr if you don't want the script to prompt the user for the password you can do
或者,如果您不希望脚本提示用户输入密码,则可以执行此操作 subprocess.call("echo getRootCredentials() | sudo -S python RunStuffWithElevatedPrivelages.py")Or you could just run the entire program as a root user --
sudo python myScript.py.或者,您可以仅以root用户身份运行整个程序sudo python myScript.py。
As far as temporarily giving users root permission to /dev/shm only when they run your script, the only thing I could think of was having some script that runs in the background under the root user that can temporarily grant anyone who uses your script root privileges to /dev/shm. 至于仅在用户运行脚本时才临时授予他们对/ dev / shm的root权限,我唯一想到的就是让某些脚本在root用户下在后台运行,该脚本可以临时授予使用脚本root的任何人/ dev / shm的特权。 This could be done through using setuid to grant such permissions and then after a certain amount of time or if the script ends the privilege is taken away. 这可以通过以下方法完成:使用setuid授予此类权限,然后在一定时间后,或者如果脚本结束,则特权被取消。 My only concern would be if there is a way a user who has temporarily been given such permissions might be able to secure more permanent privileges. 我唯一关心的是,是否有一种方法可以暂时授予用户此类权限,使其能够获取更多永久性特权。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.