On Feb 4, 2:05 pm, Tomas Pelka <tompe...@gmail.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hey, > > is there possibility how to run part of my code (function for example) > as superuser. > > Or only way how to do this is create a wrapper and run is with Popen > through sudo (but I have to configure sudo to run "whole" python as root).
In decreasing order of desirability: 1. Find a way to not need root access (e.g. grant another user or group access to whatever resource you're trying to access). 2. Isolate the stuff that needs root access into a small helper program that does strict validation of all input (including arguments, environment, etc); when needed, run that process under sudo or similar. 2a. Have some sort of well-verified helper daemon that has access to the resource you need and mediates use of that resource. 3. Run the process as root, using seteuid() to switch between user and root privs. The entire program must be heavily verified and do strict validation of all inputs. Any attacker who gets control over the process can easily switch to root privs and do damage. This is generally a bad idea. -- http://mail.python.org/mailman/listinfo/python-list
