Execute Python Script as Root (seteuid vs c-wrapper)

I have a quick one-off task in a python script that I'd like to call from Django (www user), that's going to need root privileges.

At first I thought I could use Python's os.seteuid() and set the setuid bit on the script, but then I realized that I would have to set the setuid bit on Python itself, which I assume is a big no-no. From what I can tell, this would also be the case if using sudo, which I really would like to avoid.

At this point, I'm considering just writing a C wrapper that uses seteuid and calls my python script as root, passing the necessary arguments to it.

Is this the correct thing to do or should I be looking at something else?

sudo does not require setuid bit on Python. You can enable sudo for one command only, no arguments:

 www          ALL=(ALL)       NOPASSWD:  /root/bin/reload-stuff.py ""

This would be secure if your script does not take any arguments, cannot be overridden by www user, and sudo does "env_reset" (the default in most distros).

You can accept arguments, but be very careful with them -- do not take output filenames, make sure you verify all inputs. In this case, remove "" from the end of sudo line.

The correct thing is called privilege separation: clearly identify the minimal set of tasks which have to be done with elevated privileges. Write a separate daemon and as limited a way as possible of communicating the task to do. Run this daemon as another user with elevated privileges. A bit more work, but also more secure.

EDIT: using a setuid-able wrapper will also satisfy the concept of privilege separation, although I recommend having the web server chrooted and mounting the chrooted file system nosuid (which would defeat that).

sudo allows you to limit arguments passed to the program. From man sudoers:

john           ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*

On the ALPHA machines, user john may su to anyone except root but
he is not allowed to specify any options to the su(1) command.

So use sudo. Of course you need to be extra careful with root access – make sure only root can modify the script itself and any parent directories, and that the script is safe and only does the absolute minimum that needs to be run as root.
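The ownership check described in the last answer (only root can modify the script and its parent directories), as an added example that is not part of the original answers. The function name, the `stop_at` parameter and the allowance for sticky directories are assumptions of this example; the script path is the one from the sudoers line earlier on the page.

```python
import os
import stat


def audit_sudo_target(path, trusted_uids=(0,), stop_at="/"):
    """Return findings for `path` and every parent directory up to `stop_at`.

    An empty list means only the trusted uids can modify or replace the file.
    """
    findings = []
    current = os.path.realpath(path)   # audit the real file, not a symlink to it
    stop_at = os.path.realpath(stop_at)
    while True:
        st = os.lstat(current)
        if st.st_uid not in trusted_uids:
            findings.append(f"{current}: owned by uid {st.st_uid}")
        writable = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        # In a sticky directory (such as /tmp) only the owner of an entry may
        # rename or delete it, so it is tolerated here; the entry's own owner
        # was already checked on the previous iteration.
        sticky_dir = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
        if writable and not sticky_dir:
            mode = stat.filemode(st.st_mode)
            findings.append(f"{current}: group/other writable ({mode})")
        parent = os.path.dirname(current)
        if current == stop_at or parent == current:
            return findings
        current = parent


if __name__ == "__main__":
    # Run as root on the host whose sudoers entry is being reviewed.
    target = "/root/bin/reload-stuff.py"
    try:
        problems = audit_sudo_target(target)
    except OSError as exc:
        print(f"cannot audit {target}: {exc}")
    else:
        for line in problems:
            print(line)
        if not problems:
            print(f"{target}: only root can modify it")
```
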
