How to start a privileged process through web on the server?
Question
I have created a web-app using Python Flask framework on Raspberry Pi running Raspbian. I want to control the hardware and trigger some sudo tasks on the Pi through web.
The Flask based server runs in non-sudo mode listening to port 8080. When a web client sends request through HTTP, I want to start a subprocess with sudo privileges. (for ex. trigger changes on gpio pins, turn on camera etc.). What is the best practice for implementing this kind of behavior?
The webserver can ask for sudo password to the client, which can be used to raise the privileges. I want some pointers on how to achieve this.
2 answers
solution1
0 2014-05-04 09:56:43
Best practice is to never do this kind of thing. If you are giving sudo access to your pi from internet and then executing user input you are giving everyone in the internet the possibility of executing arbitrary commands in your system. I understand that this is probably your pet project, but still imagine someone getting access to your computer and turning camera when you don't really expect it.
solution2
0 2014-05-04 10:14:36
Create a separate process that does the actual work for you. You can run this process in the background with elevated privileges.
Your web client will just deposit tasks for this process in a queue. This can be as simple as a database to which your Flask app writes a "task request", the other, privileged process reads this request, performs the action, and updates the databases.
This concept isn't new, so there are multiple brokers and task queues that you can use. Celery is popular with Python developers and is easily integrated into your application.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.