Setuid Bit on Python Script: Linux vs Solaris

Most Unix distributions normally don't allow you to use setuid on a file that uses a #! interpreter. Solaris happens to be one that allows it due to its use of a more secure implementation than most other distributions.

See this FAQ entry for more background about why the mechanism is so dangerous: How can I get setuid shell scripts to work?

See this link for more discussion and how to compile a setuid executable that will run your script: setuid on shell scripts

The pertinent part:

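    #include <stdlib.h>   /* system() */
    #include <unistd.h>   /* setuid() */

    int main(void)
    {
        /* Make the real uid root as well as the effective uid; stop if that fails. */
        if (setuid(0) != 0)
            return 1;
        /* system() runs the script through /bin/sh with the caller's environment. */
        system("/path/to/script.sh");

        return 0;
    }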

setuid bit result

You can't use the setuid bit with shell scripts. The shell parses the shebang line to determine the program to execute, then launches that program without caring the slightest about the setuid bit set on the script.

See https://serverfault.com/questions/8449/cannot-set-uid-on-shell-scripts.

Running python script as root

So you want the script to run as root, even without sudo? For that you would need to set the setuid bit on the script with sudo chmod u+s program. However, most Unix distributions allow this only for binaries, and not for scripts, for security reasons. In general it's really not a good idea to do that.

If you want to run this script as root, you will have to run as sudo. Or, you have to create a binary that runs your script, so that you can set the setuid bit on this binary wrapper. This related question explains more.

It's also a good idea to check the effective uid, and if it's not root then stop running. For that, add this near the top (thanks @efirvida for the tip!)

    import os
    import sys
    if os.geteuid() != 0:
        sys.exit("\nOnly root can run this script\n")

ORIGINAL ANSWER

Maybe your user and root use a different version of python, with different python path, and different set of libraries.

Try this:

    command -v python
    sudo sh -c 'command -v python'

If the two commands don't give the same result, then you either need to change the setup of the users to use the same version of python (the one that has the ALSA libs), or hardcode the python version in the first line of the script.

Also try adding a print sys.path line in the script, and run with your user and with sudo and compare. Probably you'll get different results. You may need to tweak the PYTHONPATH variable of your user.

It shouldn't be necessary to make the owner of the script root, and to run it with sudo. You just need to configure python and PYTHONPATH correctly.
