从需要 root 访问权限的 python 中运行命令 [英] Running commands from within python that need root access

问题描述

我最近一直在玩子进程.随着我做的越来越多；我发现自己需要 root 访问权限.我想知道是否有一种简单的方法可以通过 subprocess 模块为需要它的命令输入 root 密码.所以当我被提示输入密码时，我的脚本并提供它并运行命令.我知道这是一种不好的做法，因为代码将运行在沙盒中并与系统的其余部分分开；我也不想以 root 身份运行.

I have been playing around with subprocess lately. As I do more and more; I find myself needing root access. I was wondering if there is an easy way to enter the root password for a command that needs it with subprocess module. So when I am prompted for the password my script and provide it and run the command. I know this is bad practice by where the code will be running is sandboxed and separate from the rest of the system; I also dont want to be running as root.

如果可能的话，我真的很感激小例子.我知道你可以用expect来做到这一点，但我正在寻找更多以python为中心的东西.我知道 pexpect 存在，但对于这个简单的任务来说有点矫枉过正.

I would really appreciate small example if possible. I know you can do this with expect, but i am looking something more python centric. I know pexpect exsists but its a bit overkill for this simple task.

谢谢.

推荐答案

最好利用 sudo 用于运行 Python 程序的用户.您可以指定可以从 sudo 运行而无需密码的特定命令和参数.下面是一个例子:

It would probably be best to leverage sudo for the user running the Python program. You can specify specific commands and arguments that can be run from sudo without requiring a password. Here is an example:

有很多方法，但我更喜欢将命令集分配给组的方法.因此，假设我们要创建一个组以允许人们以 root 身份运行 tcpdump.因此，让我们将该组称为 tcpdumpers.

There are many approaches but I prefer the one that assigns command sets to groups. So let's say we want to create a group to allow people to run tcpdump as root. So let's call that group tcpdumpers.

首先，您将创建一个名为 tcpdumpers 的组.然后修改/etc/sudoers(使用 visudo 命令):

First you would create a group called tcpdumpers. Then modify /etc/sudoers (using the visudo command):

# Command alias for tcpdump
Cmnd_Alias      TCPDUMP = /usr/sbin/tcpdump

# This is the group that is allowed to run tcpdump as root with no password prompt
%tcpdumpers     ALL=(ALL) NOPASSWD: TCPDUMP

现在添加到 tcpdumpers 组的任何用户都可以像这样运行 tcpdump:

Now any user added to the tcpdumpers group will be able to run tcpdump like this:

% sudo tcpdump 

从那里您可以轻松地将此命令作为 subprocess 运行.

From there you could easily run this command as a subprocess.

这消除了将 root 密码硬编码到您的程序代码中的需要，并且可以精细控制谁可以在您的系统上使用 root 权限运行什么.

This eliminates the need to hard-code the root password into your program code, and it enables granular control over who can run what with root privileges on your system.

这篇关于从需要 root 访问权限的 python 中运行命令的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！