Thank you Jirka, Changed the function to stand alone script and called it with sudo from views.py. that worked and solved my problem.
________________________________ From: Jirka Vejrazka <jirka.vejra...@gmail.com> To: django-users@googlegroups.com Sent: Tuesday, August 14, 2012 1:03:29 PM Subject: Re: invoking a funcion or module as root Hi there, you definitely don't want to allow apache to setuid() to root as you've pointed out. You have a few options, probably the easiest one is to write a pair of scripts for each task you want your application to perform with root privileges. - the first script will only contain "sudo <second_script with the right parameters>" - the second script should contain the necessary step(s) that need to be performed with root privileges. It should be simple to minimize chances for security issues Then you'd configure your sudoers file to allow apache process to call the "second script" *including the right set of parameters* (if applicable) with sudo permissions. You'd then call your "first script" using subprocess() call from your views.py (or whereever appropriate). (you could technically bypass the whole "first script", but it'll greatly improve readability if you do it this way, no one will have to read your python code to match it to your sudoers file if problems occur). Even better solution would be fixing your security model, having a web application perform high-privileged tasks on a system seems flawed in 99% of cases I can think of, but maybe you have a good reason why you need it that way. HTH Jirka -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
