On Mar 30, 1:16 pm, Rustom Mody <rustompm...@gmail.com> wrote:
> Ben Finney wrote
>
> > The key thing to realise is that, having relinquished privilege, the same
> > process can't get it back again as easily. So if you need to
> > do some tasks as a privileged user, do those *very* early and then drop the
> > privileges for the rest of the life of the process.
>
> > Taking this further, you should isolate exactly what tasks need root
> > privilege into a separate process altogether, and make
> > that process as well-tested and simple as possible: it should do nothing
> > *but* those tasks for which it needs root privilege.
>
> I don't think this would be easy or convenient (if at all possible) in my case.
>
> I am trying to write a tiny web based application that will give an
> overall picture of LVM, Volume groups, Raid, SCSI and the underlying
> disk partitions. The administrative tools dealing with low level
> storage stack (e.g. fdisk, pvcreate, vgcreate, lvcreate, mdadm etc.)
> need to be run as root.
>
> However since this runs behind apache. Apache creates a separate user
> for the webserver. Hence the CGI scripts or any other tools that they
> call run as that user.
>
> The solution currently is
> - Write the CGI program in C, put setuid(0), setgid(0) statements in
> that file and then perform any other actions (including calling other
> scripts)
> - Set the S bit of the executable of the CGI binary compiled from the
> C file (chmod +S xxx.cgi)
>
> Yeah yeah "Security! HOLE!!" etc but please note that this is running
> on linux on vmware on an otherwise secure system.
>
> So what's the best way of doing this in python?

Have a 'server process' running with root privilege (a script started by a privileged account) and implement a protocol to ask for system info from your cgi scripts under apache. In python this is a lot easier than it sounds.

The simplest case would be that to send a 'system command' to the server through a unix socket, the server executes the command as received and returns the command output. Not more than a day's work, I believe. Not much more secure than a setuid python script, also, maybe less :-)

A better implementation would be such that the protocol only allows for a set of pre-defined safe requests ...

Ciao
------
FB
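
A sketch of the "set of pre-defined safe requests" variant suggested above, as an added example that is not part of the original post. The request names, the binary paths under /sbin, the choice of read-only reporting commands and the socket path are all assumptions.

```python
import os
import socket
import subprocess

# Request name -> fixed argv. The client only picks a key: it supplies no
# arguments and nothing goes through a shell. Names and paths are assumptions.
ALLOWED = {
    b"pvs": ["/sbin/pvs", "--noheadings"],
    b"vgs": ["/sbin/vgs", "--noheadings"],
    b"lvs": ["/sbin/lvs", "--noheadings"],
    b"raid": ["/sbin/mdadm", "--detail", "--scan"],
}
MAX_REQUEST = 64  # bytes; longer requests are rejected

def resolve(request):
    """Return the argv for a request line, or None if it is not allowlisted."""
    return ALLOWED.get(request.strip())

def handle(conn, run=subprocess.run):
    """Serve one request on conn; return True only if the command succeeded."""
    request = conn.recv(MAX_REQUEST + 1)
    argv = resolve(request) if len(request) <= MAX_REQUEST else None
    if argv is None:
        conn.sendall(b"ERR unknown request\n")
        return False
    try:
        result = run(argv, capture_output=True, timeout=30, env={"PATH": "/sbin:/bin"})
    except (OSError, subprocess.SubprocessError):
        conn.sendall(b"ERR command failed\n")
        return False
    status = b"OK\n" if result.returncode == 0 else b"ERR command failed\n"
    conn.sendall(status + result.stdout)
    return result.returncode == 0

def serve(path="/run/storage-info.sock"):  # hypothetical socket path
    """Accept loop for the helper; this is the only part that runs as root."""
    if os.path.exists(path):
        os.unlink(path)
    server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old = os.umask(0o117)  # socket is created mode 0660, never world-writable
    server.bind(path)
    os.umask(old)
    server.listen(5)
    while True:
        conn, _ = server.accept()
        with conn:
            handle(conn)
```

The CGI script connects to the socket as the apache user, sends one request name, and reads the reply; giving the socket file the web server's group is what lets it connect.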