Django 和 root 进程 [英] Django and root processes
问题描述
在我的 Django 项目中,我需要能够使用 ICMP ping 检查 LAN 上的主机是否启动.我找到了 this SO question,它回答了如何在 Python 中 ping 某些东西和 this SO question 链接到资源解释如何使用 sodoers 文件.
In my Django project I need to be able to check whether a host on the LAN is up using an ICMP ping. I found this SO question which answers how to ping something in Python and this SO question which links to resources explaining how to use the sodoers file.
Device 模型存储 LAN 上主机的 IP 地址,并在将新的 Device 实例添加到数据库后(通过自定义视图,而不是管理员) 我设想检查设备是否使用 AJAX 调用对暴露功能的 API 响应 ping.
A Device model stores an IP address for a host on the LAN, and after adding a new Device instance to the DB (via a custom view, not the admin) I envisage checking to see if the device responds to a ping using an AJAX call to an API which exposes the capability.
但是(来自第一个 SO 问题中建议的库的文档字符串)请注意,ICMP 消息只能从以 root 身份运行的进程发送."
However (from the docstring of a library suggested in the the first SO question) "Note that ICMP messages can only be sent from processes running as root."
我不想以 root 用户身份运行 Django,因为这是不好的做法.但是,这部分过程(发送和 ICMP ping)需要以 root 身份运行.如果使用 Django 视图,我希望发送一个 ping 数据包来测试主机的活跃度,那么 Django 本身需要以 root 身份运行,因为这是调用 ping 的过程.
I don't want to run Django as the root user, since it is bad practice. However this part of the process (sending and ICMP ping) needs to run as root. If with a Django view I wish to send off a ping packet to test the liveness of a host then Django itself is required to be running as root since that is the process which would be invoking the ping.
这些是我能想到的解决方案,我的问题是有没有更好的方法来仅以 root 身份执行 Django 项目的选定部分,除了这些:
These are the solutions I can think of, and my question is are there any better ways to only execute select parts of a Django project as root, other than these:
- 以 root 身份运行 Django(请不要!)
- 将ping 请求"放入另一个进程(以 root 身份运行)可以定期检查和执行的队列中.可能类似于 celery.
没有更简单的方法吗?
我想要类似以 root 身份运行 Django"的库,这可能吗?
Is there not a simpler way?
I want something like a "Django run as root" library, is this possible?
推荐答案
绝对不行,千万不要以root身份运行Django代码!
Absolutely no way, do not run the Django code as root!
我会以 root 身份运行守护进程(用 Python 编写,为什么不呢)然后 IPC 在 Django 实例和你的守护进程之间.只要您确定验证内容并正确处理它(例如将 subprocess.call 与数组等一起使用)并且只传递数据(不是要执行的命令),它应该没问题.
I would run a daemon as root (written in Python, why not) and then IPC between the Django instance and your daemon. As long as you're sure to validate the content and properly handle it (e.g. use subprocess.call with an array etc) and only pass in data (not commands to execute) it should be fine.
这是一个使用 web.py 的客户端和服务器示例
Here is an example client and server, using web.py
服务器:http://gist.github.com/788639客户:http://gist.github.com/788658
您需要安装 webpy.org,但无论如何都值得拥有.如果您可以将 IP(或主机名)硬连接到服务器并删除参数,那就更好了.
You'll need to install webpy.org but it's worth having around anyway. If you can hard-wire the IP (or hostname) into the server and remove the argument, all the better.
这篇关于Django 和 root 进程的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
