> http://hal.freedesktop.org/docs/polkit/pkexec.1.html
> http://hal.freedesktop.org/docs/polkit/polkit.8.html
> http://www.freedesktop.org/wiki/Software/PolicyKit
>
> A python package:
>
> http://pypi.python.org/pypi?:action=search&term=polkit&submit=search
>
> But there is example python code here
On 18 February 2011 20:23, Alexander Kapps wrote:
...
> Don't know if this helps you, but at least for CentOS 5.4, gksudo is
> available in the gksu package from rpmforge.
It looks as though policykit includes similar functionality, namely
the command pkexec replaces gksudo:
http://hal.freedeskt
On 18 February 2011 20:21, Alexander Kapps wrote:
...
> IIUC, than SELinux can also help, since it allows program-specific
> permissions. But I could easily be wrong here since I have yet to really
> learn SElinux.
Who has, LOL! If you could post a (very very) quick 'I don't have a
PhD in comput
On 18.02.2011 15:42, GSO wrote:
I note that policykit was created by redhat, and that RHEL6 does not
include gksudo in with its gnome for some odd reason.
Don't know if this helps you, but at least for CentOS 5.4, gksudo is
available in the gksu package from rpmforge.
--
http://mail.python.o
On 18.02.2011 15:22, Adam Skutt wrote:
On Feb 18, 9:04 am, Ricardo Aráoz wrote:
Many a time I have wanted to allow access to certain privileges to a user but
*only*
through a program. As far as security is concerned it would be enough
that only root has permission to give the said program run
was:
I'm sure this question is as old as time, but what is the best way to
gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk
v2.18.9, on RHEL6.)
To which I would say, redesign the app so that you do not need root
privileges. There has been plentiful advice in this thread al
On 17 February 2011 18:39, Adam Skutt wrote:
...
> As Terry suggests (and I fully concur), all of these issues are best
> solved by having a privileged daemon (though it may not need to be
> root or entirely root).
>
I think this could be done more or less with the multiprocessing module:
http:/
On Feb 18, 9:04 am, Ricardo Aráoz wrote:
> I've always asked myself why can't a program be used by users of a
> certain group but run with the privileges of some other user, not
> necessarily the one that uses it, but one created specifically for the
> tasks the program is responsible for.
>
> AF
On 17/02/2011 06:46 p.m., Steven D'Aprano wrote:
On Thu, 17 Feb 2011 19:44:20 +, Katie T wrote:
Running any kind of script sudo'd is a bad idea, it's very very hard (in
many cases impossible) to do securely. Root permissions in general
should only be used for what they're needed for and not
> Come to think of it, I would first consider creating a 'cctv' user that owns
> the cameras and storage directories, and files and only do anything as root
> if absolutely necessary.
>
You can run 'sudo -g [group] ...', so no need to go near root.
>
> Running any kind of script sudo'd is a bad i
>
> Could restarts and cleanups be done with a root daemon separate from user
> scripts?
>
I like the idea of a user creating a login as you do typically with
client/server progs, no need to have the root password all the time:
http://www.python.org/dev/peps/pep-3143/
http://pypi.python.org/pypi/
On Thu, 17 Feb 2011 19:44:20 +, Katie T wrote:
> Running any kind of script sudo'd is a bad idea, it's very very hard (in
> many cases impossible) to do securely. Root permissions in general
> should only be used for what they're needed for and nothing else (that
> means getting the permission
On 2/17/2011 1:39 PM, Adam Skutt wrote:
On Feb 17, 10:32 am, GSO wrote:
I'm having a awfully hard time figuring out why a home CCTV
application might need privilege at all. Are you sure you really need
privilege? It sounds to me like there may be some larger design
issues mandating the need f
On Wed, Feb 16, 2011 at 9:26 PM, GSO wrote:
> I'm sure this question is as old as time, but what is the best way to
> gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk
> v2.18.9, on RHEL6.)
>
Running any kind of script sudo'd is a bad idea, it's ve
On Feb 17, 10:32 am, GSO wrote:
> > I'm having a awfully hard time figuring out why a home CCTV
> > application might need privilege at all. Are you sure you really need
> > privilege? It sounds to me like there may be some larger design
> > issues mandating the need for privilege when it's not
On 2/17/2011 10:32 AM, GSO wrote:
I'm having a awfully hard time figuring out why a home CCTV
application might need privilege at all. Are you sure you really need
privilege? It sounds to me like there may be some larger design
issues mandating the need for privilege when it's not really
necess
> I'm having a awfully hard time figuring out why a home CCTV
> application might need privilege at all. Are you sure you really need
> privilege? It sounds to me like there may be some larger design
> issues mandating the need for privilege when it's not really
> necessary.
>
A user login shoul
On Feb 16, 10:43 pm, GSO wrote:
> OK, so I'm heading towards sudo then, aiming to make sure I don't
> screw up the configuration. This is a home CCTV application, so I
> want things as secure as possible. A setgid wrapper would require the
> kind of skilled programming that I couldn't do myself
On Thu, Feb 17, 2011 at 2:12 AM, Dan Stromberg wrote:
>
> On Wed, Feb 16, 2011 at 6:59 PM, Adam Skutt wrote:
>> On Feb 16, 9:00 pm, Dan Stromberg wrote:
>>> So yeah, whether you use perl or anything else invoked with #!, you're
>>> pretty much better off with sudo, or a tiny C wrapper that's so
On Wed, Feb 16, 2011 at 6:59 PM, Adam Skutt wrote:
> On Feb 16, 9:00 pm, Dan Stromberg wrote:
>> So yeah, whether you use perl or anything else invoked with #!, you're
>> pretty much better off with sudo, or a tiny C wrapper that's so simple
>> it's hard to get wrong.
>
> UNIX makes this almost i
On Wed, Feb 16, 2011 at 6:10 PM, GSO wrote:
>> pretty much better off with sudo, or a tiny C wrapper that's so simple
>> it's hard to get wrong. However, perl's taint feature would be useful
>
> This snippet is about as tiny as it gets in C I think:
Well, it could be tinier really, and actually,
I essentially don't want to take a risk with a home CCTV prog., so
unless I can persuade a highly skilled Unix programmer to write a
wrapper (which I can't), then I think I'm best sticking with sudo.
--
http://mail.python.org/mailman/listinfo/python-list
>
> Passing things through sudo(1) is really the only sensible route these
> days but even that can be fraught with peril. For something as simple
> as, 'Write to a normally restricted area' it's probably no more secure
> than an ACL (and potentially way less if you screw up the sudo
> configurati
On Thu, 17 Feb 2011 01:47:10 +0100, Alexander Kapps wrote:
>> Having said that I'm possibly arriving at the conclusion that a quick
>> perl script might be the simplest/easiest and most secure option - I
>> read perl includes code to safely run suid perl scripts - will dig out
>> my perl tomes.
>
On Feb 16, 9:00 pm, Dan Stromberg wrote:
> So yeah, whether you use perl or anything else invoked with #!, you're
> pretty much better off with sudo, or a tiny C wrapper that's so simple
> it's hard to get wrong.
UNIX makes this almost impossible unless your wrapper is cooperative
with whatever p
On Feb 16, 8:40 pm, GSO wrote:
> Apols for being a nuisance. I'm normally if anything a web programmer.
>
> It looks like there are set-id functions in the os module. Further I
> don't actually need root privileges, just write access to a directory
> that a user ordinarily does not have write ac
> pretty much better off with sudo, or a tiny C wrapper that's so simple
> it's hard to get wrong. However, perl's taint feature would be useful
This snippet is about as tiny as it gets in C I think:
#include
int main (int argc, char ** argv) {
int err;
char *newenv[] = { NULL };
if ((err =
On Wed, Feb 16, 2011 at 4:47 PM, Alexander Kapps wrote:
> On 17.02.2011 01:00, GSO wrote:
>> Having said that I'm possibly arriving at the conclusion that a quick
>> perl script might be the simplest/easiest and most secure option - I
>> read perl includes code to safely run suid perl scripts - wi
Apols for being a nuisance. I'm normally if anything a web programmer.
It looks like there are set-id functions in the os module. Further I
don't actually need root privileges, just write access to a directory
that a user ordinarily does not have write access to (and preferably
not read). So a
On 17.02.2011 01:00, GSO wrote:
OK, thanks for the tips.
gksu* does not seem to be included with RHEL6 Desktop (though there is
a package called beesu)
On RHEL try consolehelper/userhelper instead which need additional
configuration.
The philosophy at the end of the day I think
is do your
perl tomes.
G.
On 16 February 2011 22:45, Emile van Sebille wrote:
> On 2/16/2011 1:26 PM GSO said...
>>
>> I'm sure this question is as old as time, but what is the best way to
>> gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk
>> v2.18.9, o
On 2/16/2011 1:26 PM GSO said...
I'm sure this question is as old as time, but what is the best way to
gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk
v2.18.9, on RHEL6.)
have root's password?
Emile
--
http://mail.python.org/mailman/listinfo/python-list
On 16.02.2011 23:02, Ian Kelly wrote:
On Wed, Feb 16, 2011 at 2:29 PM, Daniel Mahoney wrote:
On Wed, 16 Feb 2011 21:26:26 +, GSO wrote:
I'm sure this question is as old as time, but what is the best way to
gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk
v2.18.9, on
On Wed, 16 Feb 2011 21:26:26 +, GSO wrote:
> I'm sure this question is as old as time, but what is the best way to
> gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk
> v2.18.9, on RHEL6.)
>
> Ta,
>
>
> G.
>
> gmotion
> PyGTK desktop GU
On Wed, Feb 16, 2011 at 2:29 PM, Daniel Mahoney wrote:
> On Wed, 16 Feb 2011 21:26:26 +, GSO wrote:
>
>> I'm sure this question is as old as time, but what is the best way to
>> gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk
>> v2.18.9, on RHE
On Wed, 16 Feb 2011 15:29:53 -0600, Daniel Mahoney wrote:
> On Wed, 16 Feb 2011 21:26:26 +, GSO wrote:
>
>> I'm sure this question is as old as time, but what is the best way to
>> gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk
>> v2.18
On Wed, 16 Feb 2011 21:26:26 +, GSO wrote:
> I'm sure this question is as old as time, but what is the best way to
> gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk
> v2.18.9, on RHEL6.)
Gain root privileges for a script? Write a c wrapper to call the script,
I'm sure this question is as old as time, but what is the best way to
gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk
v2.18.9, on RHEL6.)
Ta,
G.
gmotion
PyGTK desktop GUI for Motion (software motion detector)
http://code.google.com/p/gmotion/
--
http://mail.python.org/ma
38 matches
Mail list logo
