I have a python script that is launched as root, I can't change it.
I would like to know if it's possible to exectute certain lines of this script (or all the script) as normal user (I don't need to be root to run this).
The reason is, I use notifications, and python-notify don't work in all machines in root (looks like this bug)
So ,do you know if it's possible to change it, with a subprocess, or other?
Thanks
1 Answer. Show activity on this post. From the terminal instead of doing python yourProgram.py , do sudo python yourProgram.py . It will ask for your password so type it and it should run.
Use the command sudo . In order to run a program as a user, the system must "authenticate" that user. Obviously, root can run any program as any user, and any user can su to another user with a password. The program sudo can be configured to allow a group of users to sudo a particular command as a particular user.
I would like to know if it's possible to exectute certain lines of this script (or all the script) as normal user
Yes, it's possible—and a good idea.
Python's os
module has a group of functions to set the real, effective, and saved user and group id, starting with setegid
. What exactly each of these does is up to your platform, as far as Python is concerned; it's just calling the C functions of the same names.
But POSIX defines what those functions do. See setuid
and seteuid
for details, but the short version is:
seteuid
or setreuid
, to set just effective, or real and effective, but not saved UID. Then use the same function again to set them back to root.setresuid
instead, to set all three.If you're using Python 3.1 and earlier, you don't have all of these functions. You can still use seteuid
to switch effective ID back and forth, but setuid
will… well, it depends on your platform, but I think most modern platforms will change saved as well as real, meaning you can't get root back. If you read the linked POSIX doc, there are a bunch of caveats and complexities in the POSIX documentation. If you only care about one platform, you probably want to read your local manpages instead, rather than reading about all of the cases and then trying to figure out which one covers your platform.
So ,do you know if it's possible to change it, with a subprocess, or other?
That isn't necessary (at least on a conforming POSIX system), but it can make things easier or safer. You can use subprocess
, multiprocessing
, os.fork
, or any other mechanism to launch a child process, which immediately uses setuid
to drop privileges—or even setresuid
to give up the ability to ever restore its privilege. When that child process is done with its task, it just exits.
you need getpwnam from PWD module , for access user-id by pass username and then with os.setuid() you can change the user and Run python script as another user .
import pwd, os
uid = pwd.getpwnam('username')[2] #instead of index 2 you can use pw_uid Attribute
os.setuid(uid)
But Note that using setuid
can make a enormous security hole .
If the script is running as root
, you can use os.setuid
to change the process's current UID to that of another user (irrevocably) or os.seteuid
to change the process's current effective UID (and you can use it again afterwards to reset the EUID to root
).
Note that os.setuid
changes both the real and effective UID - this is the reason it is irrevocable.
os.seteuid
changes the effective UID. Since the real UID will still be root
, you can still switch back the EUID to root
later on in the script.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With