Florian Lindner wrote: > Paul Rubin wrote: > >> - sort of similar: have a separate process running that knows the >> password (administrator enters it at startup time). That process >> listens on a unix socket and checks the ID of the client. It reveals >> the password to authorized clients, i.e. your readable script running >> under sudo. This keeps the password from ever being stored on disk. >> >> - Modify the script itself to run as a long-running service instead >> of as something that gets started and restarted all the time. Have >> an admin start it and type the password into it at startup time. >> Users then connect to it (maybe with a web browser) and send it >> commands. >> >> - Move the user operations from the script to server side database >> procedures that do their own validity checking. Then you don't need >> a password. > > I'll evaluate the 3 ideas above further.
I'm surprised there are no building blocks for a sudo replacement in the UNIX world, at least I googled and couldn't find them. Basically you need to split you script into two parts: priveledged server and user client. They can talk xml-rpc over unix socket. If you need performance you can also open another socket for sending huge binary objects. With regards to clear text password and admin, you can only obfuscate or make it hard to obtain the password. It's just to keep honest admins honest. Same story on windows, btw. Serge. -- http://mail.python.org/mailman/listinfo/python-list
