您如何以"root"身份临时运行代码? [英] How do you temporary run your code as 'root'?

问题描述

相关: Python多处理:权限被拒绝

我想使用Python的multiprocessing.Pool

I want to use Python's multiprocessing.Pool

import multiprocessing as mp
pool =  mp.Pool(3)
for i in range(num_to_run):
    pool.apply_async(popen_wrapper, args=(i,), callback=log_result)

我收到OSError

I get OSError

  File "/usr/local/lib/python2.6/multiprocessing/__init__.py", line 178, in RLock
    return RLock()
  File "/usr/local/lib/python2.6/multiprocessing/synchronize.py", line 142, in __init__
    SemLock.__init__(self, RECURSIVE_MUTEX, 1, 1)
  File "/usr/local/lib/python2.6/multiprocessing/synchronize.py", line 49, in __init__
    sl = self._semlock = _multiprocessing.SemLock(kind, value, maxvalue)
OSError: [Errno 13] Permission denied

我在相关问题中读到，这是由于没有对/dev/shm的读/写

I read in the related question that it's due to not having r/w to /dev/shm

除了在/dev/shm中更改权限之外，还有没有办法在代码中以root用户身份运行?

Besides changing the permission in /dev/shm, is there a way to run as root in the code?

我起初以为您可以做类似os.umask()的操作，但是它没有用

I initially thought you could do something like os.umask() but it didnt work

编辑(重述问题):

• 假设用户名A具有对目录A的读/写访问权限
• 您是用户B，您的程序需要访问目录A.如何以用户A的身份运行程序?

推荐答案

从危险最小到危险最大的顺序.

In order from the least dangerous to the most dangerous.

1. 您可以尝试按照John Zwinck的建议删除权限. 基本上，您将使用root级权限启动程序， 立即执行所需的操作，然后切换到非root用户 用户.

1. You can try dropping permissions as John Zwinck suggested. Basically you would start the program with root level permissions, immediately do what you need to do, and then switch to a non-root user.

来自此StackOverflow .

import os, pwd, grp

def drop_privileges(uid_name='nobody', gid_name='nogroup'):
if os.getuid() != 0:
# We're not root so, like, whatever dude
return

# Get the uid/gid from the name
running_uid = pwd.getpwnam(uid_name).pw_uid
running_gid = grp.getgrnam(gid_name).gr_gid

# Remove group privileges
os.setgroups([])

# Try setting the new uid/gid
os.setgid(running_gid)
os.setuid(running_uid)

# Ensure a very conservative umask
old_umask = os.umask(077)

您还可以要求root用户的凭据为 输入到脚本中，然后仅在 必填.

You could also require the credentials for the root user to be inputed into the script, and then only use them when they are required.

subprocess.call("sudo python RunStuffWithElevatedPrivelages.py")
#From here, the main script will continue to run without root permissions

或者如果您不希望脚本提示用户输入密码，则可以

Or if you don't want the script to prompt the user for the password you can do

subprocess.call("echo getRootCredentials() | sudo -S python RunStuffWithElevatedPrivelages.py")

或者您可以仅以root用户身份运行整个程序-sudo python myScript.py.

至于仅在用户运行脚本时才临时向用户授予对/dev/shm的root权限，我唯一想到的就是让某些脚本在root用户下在后台运行，从而可以临时授予使用该脚本的任何人您对/dev/shm的脚本root特权.这可以通过使用setuid授予此类权限来完成，然后在一定时间后或者如果脚本结束，则特权被取消.我唯一关心的是，是否有一种方法可以使暂时获得此类权限的用户能够获得更多永久性特权.

As far as temporarily giving users root permission to /dev/shm only when they run your script, the only thing I could think of was having some script that runs in the background under the root user that can temporarily grant anyone who uses your script root privileges to /dev/shm. This could be done through using setuid to grant such permissions and then after a certain amount of time or if the script ends the privilege is taken away. My only concern would be if there is a way a user who has temporarily been given such permissions might be able to secure more permanent privileges.

这篇关于您如何以"root"身份临时运行代码?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！