All geek questions in one place

Django and root processes

In my Django project, I need to check if the host is working on the local network using the ICMP pin. I found this SO question which answers how to ping something in Python and this SO question which refers to resources explaining how to use the sodoers file.

Customization

The Device model stores the IP address for the host on the local network and after adding a new instance of Device (through the user view, not the administrator) to the database, I review the check to see if the device responds to ping using the AJAX API call that provides opportunities.

Problem

However (from the documentation of the library proposed in the first SO question) "Please note that ICMP messages can only be sent from processes running as root."

I do not want to run Django as the root user, as this is bad practice. However, this part of the process (sending and ICMP ping) must be run as root. If, with the Django view, I want to send a ping package to check the viability of the host, then Django itself should start as root, since this is the process that will call ping.

Decision

These are the solutions that I can think of, and my question is: are there any more efficient ways to execute individual parts of the Django project as root besides these:

  • Run Django as root (please no!)
  • Queue the ping request so that other processes running as root can periodically check and execute. Maybe something like celery .

Is there an easier way?

I want something like the "Django run as root" library, is this possible?

+5
source share
3 answers

Not at all, don't run Django code as root!

I would run the daemon as root (written in Python, why not) and then the IPC between the Django instance and your daemon. As long as you are sure that you are checking the contents and processing it correctly (for example, use subprocess.call with an array, etc.) And only pass data (and not commands to execute), this should be good.

Here is an example client and server using web.py

Server: http://gist.github.com/788639 client: http://gist.github.com/788658

You will need to install webpy.org, but you should do it anyway. If you can hard connect the IP (or host name) to the server and remove the argument, all the better.

+7
source

What are you doing here? Perhaps you can write a small program that will do what you need by setting the parameter and fix it in the sudoers file and give your django user permission to run it as root.

/ etc / sudoers

+2
source

I donโ€™t know what system you are on, but in any field that I come across, you donโ€™t need to be root to run the ping command-line ping (it has the suid bit set, so it becomes root if necessary). Therefore, you can simply call it. This is slightly more overhead, but probably not significantly compared to network latency.

+1
source

Source: https://habr.com/ru/post/889710/

More articles:


All Articles