I am writing a python script that will use the Popen subprocess (with a message (I think)) to run various shell commands, etc. Often shell commands that I execute are usually run (manually) using sudo.
I am running a script that uses a subprocess with sudo. I am wondering if I can safely leave sudo from all my subprocess calls, or do I need to enable it and use stdin to provide a password.
This seems like a pretty simple question, but I have not been able to find the answer yet. From my experiments it seems that I might not need sudo, but I'm not sure if this is true, or if it just โworks like thatโ because I recently provided my password.
EDIT: I figured out how to reset and restore the root. Its quite simple with a multiprocessing package
... from multiprocessing import Process, Pipe ... parent_conn, child_conn = Pipe() p = P(input_list, child_conn) p.start() p.join() return RunSyncReturn(**parent_conn.recv()) ... class P(Process): def __init__(self, input_list, conn): super(P, self).__init__() self._input_list = input_list self._conn = conn def run(self): drop_privileges() process = Popen(self._input_list, stdout=PIPE) stdout, stderr = process.communicate() pmap = {} pmap['stdout'] = stdout pmap['stderr'] = stderr pmap['exit_code'] = process.returncode self._conn.send(pmap) self._conn.close()
RunSyncReturn is just a data storage class. When a process starts with multiprocessing, the class of the process dies, and privileges are reduced from it.
source share