Hi,
I am currently writing a script that is writing, sorting and merging thousands of files in a huge tree in my file-system. Several users on the machine have to use the program (let's call it P) and it is out of the question to run it as root.
I have a Unix group also called P that has the whole tree I was referring to previously. This is it for now.
How do I create a user (called P) just for my program (like, for example, apache does)? Does it have to be a "system user" (created with -r)?
How do I tell my Python script to write files with a given ownership (namely P:P) and permissions?
Thank you in advance,
yms
Sorry for any English mistakes, I am not a native speaker.
Well, if the script is executed with a user's account, the files and folders that it creates will be owned by that user. You can specifically change permissions with your script or use the setgid bit on the folders... And you can create a normal user with no login bash and execute the script with the name of that user.
You can put the setuid of that user on your script so it will always have the rights of that specific user. You can also use the sudo power to manage permissions for that script for other users on your machine... Hope this helps.
Where there is a shell, there is a way
> you can put the setuid of that user on your script so it will always have the rights of that specific user.
For security reasons, Linux doesn't honour the setuid/setgid bits on scripts; only executables. In order to run as a specific user the script must start with root privileges and setuid() itself, or be run by something like cron which can run tasks as specific users.
Thank you for your answers. It is quite helpful but what I really need is to know how to do these things. What options I should pay attention to when using useradd (or adduser) and how to manage the permissions and ownership (especially group ownership) in the actual Python code (http://docs.python.org/library/os.html does not tell me much about that).
Sorry for any English mistakes, I am not a native speaker.
Hi yms,
There are a number of possibilities depending on how exactly you need this to be done / what your requirements are.
If the script is initially called as root, then within the Python script you could always use os.seteuid, os.setegid (ex.: http://snipplr.com/view/5503/drop-privileges/). This would effectively mean that, though the script was called by root, it would interact with files as the user you specified. This is similar to what apache would do I believe.
Alternately, you could simply have the script executed via sudo or su so that the script itself is called by user P.
Or, if you require each individual user to call the script themselves, with their own credentials, you could simply set up ACLs on the folder so that users never lose access to another user's files.
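The approaches discussed in this thread (start as root and switch to the dedicated account, use a setgid directory, set group ownership and mode from Python) put together as an added example; it is not code from any of the posts. The account and group name P come from the question, the function names are hypothetical, and it uses os.setuid/os.setgid instead of the os.seteuid/os.setegid mentioned above so that the process cannot switch back to root afterwards.

```python
import grp
import os
import pwd


def drop_privileges(user="P", group="P"):
    """Permanently switch from root to user:group (names assumed from the thread)."""
    if os.geteuid() != 0:
        raise PermissionError("must start as root to change identity")
    uid = pwd.getpwnam(user).pw_uid
    gid = grp.getgrnam(group).gr_gid
    os.setgroups([])  # drop root's supplementary groups first
    os.setgid(gid)    # group before user: after setuid() the gid can no longer change
    os.setuid(uid)    # as root this sets real, effective and saved uid
    try:
        os.setuid(0)  # confirm the switch cannot be undone
    except PermissionError:
        return uid, gid
    raise RuntimeError("privileges were not dropped")


def make_shared_dir(path, gid=-1, mode=0o2770):
    """Create a setgid directory so files created inside inherit its group."""
    os.makedirs(path, exist_ok=True)
    if gid != -1:
        os.chown(path, -1, gid)  # -1 leaves the owner unchanged
    os.chmod(path, mode)         # set the mode last, once ownership is final
    return path


def write_file(path, data, mode=0o660, gid=-1):
    """Create path with an exact mode, independent of the caller's umask."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)  # start private, widen afterwards
    with os.fdopen(fd, "wb") as f:
        if gid != -1:
            os.fchown(fd, -1, gid)    # caller must be in gid, or be root
        os.fchmod(fd, mode)           # explicit chmod is not masked by umask
        f.write(data)
    return os.stat(path)
```

Called without a gid, write_file relies on the setgid bit of the parent directory for the group, which also works for ordinary users who are members of group P.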