I am developing an application that manages network interfaces on behalf of the user, and accesses several external programs (for example, ifconfig) that require changes to the root (in particular, changing the IP address of the local interface, etc.). During development, I ran the IDE with root (ugh) rights and a debugger with root privileges (double-ough). Is there a good way for the end user to run them under an unauthorized account? I strongly dislike the attack surface size represented by GTK, wxPython, Python and my application when it runs as root.
I explored the possibilities, but they look half-wrapped, and I'm not sure if I can use them in Python, especially if they are streaming. The only option I have not studied is a daemon that sets the setuid bit and performs all the functions of the root type on behalf of the user interface. I hesitate to introduce this complexity at an early stage of the project, since working with root privileges is not a gap for users.
Your idea of a daemon has many virtues, despite the complexity that it introduces. Until actions require interaction with the user interface as root, the daemon allows you to control which operations are allowed and prohibited.
SUDO ROOT ... SUDO , . , "" .
( , , , su , . )
selinux . Selinux . selinux, - .
, setuid root setuid id, root, - sudo . , , , setuid ( ) sudo, , .
, , sudo .
, Unix, , sudo, ( API), fallback, setuid root , .
[EDIT] , sudo NOPASSWD, , , .
setuid, , . , , , setuid ( , ).
( root, ), . , , IPC ( d-bus, , , ).
, "" root. root, ; . - , "" , , root, , , .
Python, , , , . - :
Most likely, it will be a little easier to write than an independent daemon, and also more convenient to run (since you do not need to worry about whether the daemon works or not), and also allows you to use the graphical interface and other things that do not need permissions root, which will run as non-root.
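The following is an added example, not code from the original question or answers: a sketch of the request validation a small root helper could apply before touching `ifconfig`, so that the GUI stays unprivileged and only allow-listed operations with checked arguments ever run as root. The JSON-line request format, the function and field names, and the `/sbin/ifconfig` path are assumptions made for illustration.

```python
import ipaddress
import json
import re

IFCONFIG = "/sbin/ifconfig"  # assumed path; adjust for the target system
# Must start with a letter, so a value such as "-a" can never become an option.
IFACE_RE = re.compile(r"[A-Za-z][A-Za-z0-9._-]{0,14}")

class Rejected(ValueError):
    """A request from the unprivileged UI failed validation."""

def _iface(req):
    name = req.get("iface")
    if not isinstance(name, str) or not IFACE_RE.fullmatch(name):
        raise Rejected("bad interface name")
    return name

def _set_address(req):
    try:
        net = ipaddress.IPv4Interface(f"{req['address']}/{req['prefix']}")
    except (KeyError, ValueError) as exc:
        raise Rejected("bad address or prefix") from exc
    # Re-serialise the parsed values; never pass the caller's strings through.
    return [IFCONFIG, _iface(req), str(net.ip), "netmask", str(net.netmask)]

# The only operations the helper will ever perform as root.
ALLOWED = {
    "set_address": _set_address,
    "up": lambda req: [IFCONFIG, _iface(req), "up"],
    "down": lambda req: [IFCONFIG, _iface(req), "down"],
}

def build_command(line):
    """Turn one JSON request line into an argv list, or raise Rejected."""
    try:
        req = json.loads(line)
    except ValueError as exc:
        raise Rejected("not JSON") from exc
    if not isinstance(req, dict) or not isinstance(req.get("op"), str):
        raise Rejected("malformed request")
    handler = ALLOWED.get(req["op"])
    if handler is None:
        raise Rejected("operation not allowed")
    return handler(req)

# The root helper would pass the result to subprocess.run(argv, shell=False)
# and report only success or failure back to the unprivileged UI.
```
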
Source: https://habr.com/ru/post/1698903/