[pygtk] running pygtk application with root privileges
Greg Ewing
greg.ewing at canterbury.ac.nz
Tue Mar 13 09:32:12 WST 2007
Miki wrote:
> Hi again,
> I wrote a simple C program:
>
> #define PYTHON "/home/mikib/t.py"
> main(argc, argv)
> char **argv;
> {
> setreuid(0,0);
> setregid(0,0);
> execvp(PYTHON, argv);
> }
>
>
> But after I compiled the C program and run it the Pyton program did not
> run as 'root' user,
Of course it won't -- in order for those setreuid and setregid
calls to succeed, the process has to *already* be running as
root.
To get the above to run as root, you would have to change the
owner of the executable file to root and set its setuid bit
(which you will need to be logged in as root to do, or use
sudo).
But as I said, *don't* use this to run the whole Python
program as root -- you will be opening up a huge security
hole in your system. Write a small C program that does
just the parts that need privilege, and make that program
setuid root. And make sure that program is extremely
careful about what it is willing to do.
> Any idea how in Python I can open a file for write mode with privileges?
You can't elevate the privilege of a process just for a
particular file -- either the whole process is privileged
or it isn't. The only way a non-privileged process can
get something done that requires privilege is to persuade
another priveleged process to do it on its behalf.
--
Greg
More information about the pygtk
mailing list