Running python script as another user

Problem description

On a Linux box I want to run a Python script as another user.

I've already made a wrapper program in C++ that calls the script, since I've realized that the ownership of running the script is decided by the ownership of the python interpreter. After that I change the C++ program to a different user and run the C++ program.

This setup doesn't seem to be working. Any ideas?

Recommended answer

You can set the user with os.setuid(), and you can get the uid with pwd. Like so:

>>> import pwd, os
>>> uid = pwd.getpwnam('root')[2]
>>> os.setuid(uid)

Obviously this only works if the user or executable has the permission to do so. Exactly how to set that up I don't know. Obviously it works if you are root. I think you may need to set the setuid flag on the Python executable, and that would leave a WHOPPING security hole. It's possible that's permissible if the user you setuid to is a dedicated restricted user that can't do anything except whatever you need to do.

Unix security, based on users and setuiding and stuff, is not very good or practical, and it's easy to leave big security holes. A more secure option is actually to do this client-server typish, so you have a daemon that does everything, and the client talks to it. The daemon can then run with a higher security than the users, but the users would have to give a name and password when they run the script, or identify themselves with some public/private key or somesuch.
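
An added example, not part of the original answer: the os.setuid()/pwd approach above written as a permanent privilege drop from a root-started process to a dedicated restricted account, with the group/uid ordering and a check that root cannot be regained. The function names and the "scriptrunner" account are hypothetical, and refusing uid 0 as a target is a policy choice of this example.

```python
import os
import pwd


def resolve_target(username):
    """Look up the account to switch to; return (uid, gid, groups)."""
    entry = pwd.getpwnam(username)          # KeyError if no such account
    if entry.pw_uid == 0:
        # Policy of this example: root is never a valid drop target.
        raise ValueError("refusing to switch to uid 0")
    groups = os.getgrouplist(username, entry.pw_gid)
    return entry.pw_uid, entry.pw_gid, groups


def drop_privileges(username):
    """Permanently become `username`; must be called while running as root."""
    if os.geteuid() != 0:
        raise PermissionError("only root can switch to another user")
    uid, gid, groups = resolve_target(username)
    # Order matters: once setuid() has run, the process can no longer
    # change its groups, so root's supplementary groups would be kept.
    os.setgroups(groups)
    os.setgid(gid)
    os.setuid(uid)      # called as root: sets real, effective and saved uid
    # Verify the drop is irreversible before doing any real work.
    try:
        os.setuid(0)
    except PermissionError:
        pass
    else:
        raise RuntimeError("privileges can still be regained")
    os.umask(0o077)     # files created from here on are private to the account
    return os.getuid(), os.getgid()


if __name__ == "__main__":
    # "scriptrunner" is a hypothetical dedicated, restricted account.
    try:
        print(drop_privileges("scriptrunner"))
    except (PermissionError, KeyError, ValueError) as exc:
        print("not switching user:", exc)
```

Started as an ordinary user, the script reports that it cannot switch; the switch only happens when the process begins as root, for example when launched by an init system.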