Alternative question to how to run a command once a second - run a command as root
The alternative to running a script once a second (as in my other question) is to use a script that's setuid root - nasty and most systems don't let you do it. I'll explain the problem, I'm reading some analog inputs on a Beaglebone Black and want to display them on a numeric LCD. It's basically a voltmeter and ammeter. Thus I want the display to update fairly frequently. The underlying problem is that because of the (stupid?) way the Beaglebone is configured you have to be root to read the ADC inputs. Thus my original solution was to have a root task running in the background reading the ADC values once a second and writing them to a world readable file. The user task can then read them from file as necessary and display the values or send them to me or whatever. The alternative would be to provide some sort of callable routine that runs with root privilege which can be called as needed from user tasks. This would be a much more elegant solution really as much of the time I don't need 'once a second' frequency, only once an hour for sending values across the internet. It's only when I'm in the same place as the Beaglebone that I want 'once a second' values that I can look at. Is there a neat way of running a bit of Python code with root privilege? Security really isn't terribly important, it's only a little SBC monitoring some values. I suppose I could simply run everything as root but that feels all wrong somehow! :-) -- Chris Green
On 16/08/14 17:15, Chris Green wrote:
Is there a neat way of running a bit of Python code with root privilege? Security really isn't terribly important, it's only a little SBC monitoring some values.
Hi Chris, I actually have my system updates set up on a Python script (sudo apt-get update, upgrade, dist-upgrade etc) so that it automatically runs once a day for me. They way I got round the security issue is to write the Python script using the "os" library. The os.system() call lets you put a normal shell command into a Python script and it executes it exactly as written. You can even use sudo in the os.system() call, although this then prompts for a password. This script can then be called in other python scripts using something like os.system('python /path/to/script') and that should solve your problem. Except it will still ask for a password when it hits sudo, so... If you edit the sudoers file (sudo visudo on *buntu but may be different on yours) and add: username ALL=(ALL) NOPASSWD: /path/to/script/to/be/run/as/root Save and exit as usual. Now change ownership of the Python script to root. The addition to the sudoers file will allow that script to be run without a password, even if there is a sudo prompt in there, but because the file itself is owned by root, non-root users can't amend it to do naughty things. The only problem is if someone has access to the file on your computer, and your root password, although then abuse of a Python script is probably the least of your worries.
I suppose I could simply run everything as root but that feels all wrong somehow! :-)
Agreed 100%! Cheers
On 16/08/14 17:29, Paul wrote:
On 16/08/14 17:15, Chris Green wrote:
Is there a neat way of running a bit of Python code with root privilege? Security really isn't terribly important, it's only a little SBC monitoring some values.
Hi Chris,
I actually have my system updates set up on a Python script (sudo apt-get update, upgrade, dist-upgrade etc) so that it automatically runs once a day for me.
They way I got round the security issue is to write the Python script using the "os" library.
The os.system() call lets you put a normal shell command into a Python script and it executes it exactly as written. You can even use sudo in the os.system() call, although this then prompts for a password.
This script can then be called in other python scripts using something like os.system('python /path/to/script') and that should solve your problem. Except it will still ask for a password when it hits sudo, so...
If you edit the sudoers file (sudo visudo on *buntu but may be different on yours) and add:
username ALL=(ALL) NOPASSWD: /path/to/script/to/be/run/as/root
Save and exit as usual. Now change ownership of the Python script to root.
The addition to the sudoers file will allow that script to be run without a password, even if there is a sudo prompt in there, but because the file itself is owned by root, non-root users can't amend it to do naughty things.
The only problem is if someone has access to the file on your computer, and your root password, although then abuse of a Python script is probably the least of your worries.
I suppose I could simply run everything as root but that feels all wrong somehow! :-)
Agreed 100%!
Does this help with running commands every second (or 10 as listed here?) http://askubuntu.com/questions/82616/how-to-execute-command-every-10-seconds... Steve
On Sat, Aug 16, 2014 at 05:29:47PM +0100, Paul wrote:
On 16/08/14 17:15, Chris Green wrote:
Is there a neat way of running a bit of Python code with root privilege? Security really isn't terribly important, it's only a little SBC monitoring some values.
Hi Chris,
I actually have my system updates set up on a Python script (sudo apt-get update, upgrade, dist-upgrade etc) so that it automatically runs once a day for me.
They way I got round the security issue is to write the Python script using the "os" library.
The os.system() call lets you put a normal shell command into a Python script and it executes it exactly as written. You can even use sudo in the os.system() call, although this then prompts for a password.
This script can then be called in other python scripts using something like os.system('python /path/to/script') and that should solve your problem. Except it will still ask for a password when it hits sudo, so...
If you edit the sudoers file (sudo visudo on *buntu but may be different on yours) and add:
username ALL=(ALL) NOPASSWD: /path/to/script/to/be/run/as/root
Save and exit as usual. Now change ownership of the Python script to root.
The addition to the sudoers file will allow that script to be run without a password, even if there is a sudo prompt in there, but because the file itself is owned by root, non-root users can't amend it to do naughty things.
The only problem is if someone has access to the file on your computer, and your root password, although then abuse of a Python script is probably the least of your worries.
I suppose I could simply run everything as root but that feels all wrong somehow! :-)
Agreed 100%!
Thanks for this, seems a reasonably easy and practical way to do it. -- Chris Green
participants (3)
-
Chris Green -
Paul -
steve-ALUG@hst.me.uk