运行 python 程序的最佳实践方法,该程序需要任务子集的根权限
[英]Best-Practice way to run a python program that needs root privliges for subset of tasks
问题描述
What is the best-practice way to write a python application where the majority of the code can run as the normal, non-root user -- but where there is at least one function that requires root permissions to execute?
编写 python 应用程序的最佳实践方法是什么,其中大部分代码可以作为普通的非 root 用户运行——但至少有一个 function 需要 root 权限才能执行?
I'm writing a python program where 99% of it can run fine in user-space.我正在编写一个 python 程序,其中 99% 的程序可以在用户空间中正常运行。 But I'm now adding a function that requires root.但是我现在添加了一个需要 root 的 function。 One solution is to just run the whole application as root.一种解决方案是以 root 身份运行整个应用程序。 But that seems unnecessarily dangerous.但这似乎是不必要的危险。
I figured "the right thing to do" would be to spawn some child process (or thread?) that:我认为“正确的做法”是生成一些子进程(或线程?):
- Has root permissions拥有root权限
- Only includes the functions that absolutely require root privileges只包含绝对需要root权限的功能
- Accepts no user input (or at least as little as possible and carefully sanitizes it under a very strict allowlist regex)不接受用户输入(或至少尽可能少地接受并在非常严格的允许列表正则表达式下仔细清理)
But I'm not exactly sure how to do all of this.但我不确定如何做所有这些。 And maybe there's other best-practices that I'm not considering?也许还有其他我没有考虑的最佳实践?
Consider the following example code.考虑以下示例代码。
Note I'm just using sockets because binding to a port >= 1024 can be done as a normal user, but binding to any port < 1024 requires root privileges.
#!/usr/bin/env python3
import socket
def main():
user_operation()
root_operation()
def user_operation():
sock = socket.socket( socket.AF_INET, socket.SOCK_STREAM )
sock.bind( ('localhost', 2222) )
def root_operation():
sock = socket.socket( socket.AF_INET, socket.SOCK_STREAM )
sock.bind( ('localhost', 22) )
if __name__ == "__main__":
main()
If I run the above program as the normal, unprivliged user then I get a Permission denied error如果我以普通的非特权用户身份运行上述程序,则会出现Permission denied的错误
user@host:~$ ./spawn_root_child.py
Traceback (most recent call last):
File "/home/user/tmp/python_spawn_root_child/./spawn_root_child.py", line 18, in <module>
main()
File "/home/user/tmp/python_spawn_root_child/./spawn_root_child.py", line 7, in main
root_operation()
File "/home/user/tmp/python_spawn_root_child/./spawn_root_child.py", line 15, in root_operation
sock.bind( ('localhost', 22) )
PermissionError: [Errno 13] Permission denied
user@host:~$
But if I run it as root, it runs fine但如果我以 root 身份运行它,它运行良好
user@host:~$ sudo ./spawn_root_child.py
user@host:~$
How can I update the above code so that it follows security best-practices, including the principle of least privilege ?我如何更新上述代码以使其遵循安全最佳实践,包括最小特权原则?
Edit I'm looking for something that is:
- Robust (it would apply to small CLI scripts as well as large GUI applications)
- Cross-Platform (it should work in Linux, Windows, MacOS, and my python-powered toaster)
- Pythonic (following Python's best-practices)
1 个解决方案
解决方案1
1 2022-10-02 03:30:13
If you are running your Python program in Linux, you can write a bash script and execute your Python code from inside it.如果您在 Linux 中运行您的 Python 程序,您可以编写一个 bash 脚本并从其中执行您的 Python 代码。
You can run your script as a non-root user, then raise privileges to root via sudo python3 script.py您可以以非 root 用户身份运行脚本,然后通过sudo python3 script.py将权限提升到 root
Using sudo only in front of commands that require root is the best way because Linux will switch back to the regular user this way.仅在需要 root 的命令前使用sudo是最好的方法,因为 Linux 将以这种方式切换回普通用户。 (The worst way in my opinion is using sudo su in which you would need to execute exit to manually leave root!) (我认为最糟糕的方法是使用sudo su ,您需要执行exit才能手动离开 root!)
I would suggest separating your code into separate scripts, ones that do not require root and the one that needs root.我建议将您的代码分成单独的脚本,一个不需要 root,一个需要 root。 This way you do not need to unnecessarily need to run sudo script.py for scripts that do not need root.这样您就不需要为不需要 root 的脚本不必要地运行sudo script.py 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.