Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Django and root processes

In my Django project I need to be able to check whether a host on the LAN is up using an ICMP ping. I found this SO question which answers how to ping something in Python and this SO question which links to resources explaining how to use the sodoers file.

The Setting

A Device model stores an IP address for a host on the LAN, and after adding a new Device instance to the DB (via a custom view, not the admin) I envisage checking to see if the device responds to a ping using an AJAX call to an API which exposes the capability.

The Problem

However (from the docstring of a library suggested in the the first SO question) "Note that ICMP messages can only be sent from processes running as root."

I don't want to run Django as the root user, since it is bad practice. However this part of the process (sending and ICMP ping) needs to run as root. If with a Django view I wish to send off a ping packet to test the liveness of a host then Django itself is required to be running as root since that is the process which would be invoking the ping.

Solutions

These are the solutions I can think of, and my question is are there any better ways to only execute select parts of a Django project as root, other than these:

  1. Run Django as root (please no!)
  2. Put a "ping request" in a queue that another processes -- run as root -- can periodically check and fulfil. Maybe something like celery.

Is there not a simpler way?

I want something like a "Django run as root" library, is this possible?

like image 961
Marcus Whybrow Avatar asked Jan 20 '11 15:01

Marcus Whybrow


People also ask

What is the root of a Django project?

Django root directory is the default app which Django provides you. It contains the files which will be used in maintaining the whole project. The name of Django root directory is the same as the project name you mentioned in django-admin startproject [projectname].

What is the process involved in Django application management?

If it's an application configuration class, Django imports the root package of the application, defined by its name attribute. If it's a Python package, Django looks for an application configuration in an apps.py submodule, or else creates a default application configuration.

How can we handle urls in Django?

Django runs through each URL pattern, in order, and stops at the first one that matches the requested URL, matching against path_info . Once one of the URL patterns matches, Django imports and calls the given view, which is a Python function (or a class-based view).


1 Answers

Absolutely no way, do not run the Django code as root!

I would run a daemon as root (written in Python, why not) and then IPC between the Django instance and your daemon. As long as you're sure to validate the content and properly handle it (e.g. use subprocess.call with an array etc) and only pass in data (not commands to execute) it should be fine.

Here is an example client and server, using web.py

Server: http://gist.github.com/788639 Client: http://gist.github.com/788658

You'll need to install webpy.org but it's worth having around anyway. If you can hard-wire the IP (or hostname) into the server and remove the argument, all the better.

like image 83
Joe Avatar answered Sep 30 '22 18:09

Joe