I wrote a Python program on Windows which needs to listen for
connections on a low numbered port which works fine on Windows but on
Linux you need to be *root* in order to listen for connections on port
numbers below 1024.
I really don't want to run my program as root because that would give it
unnecessary access to the whole of the system.
Has anyone got any suggestion on the best way to allow my program to
listen on those sockets without running as root when doing anything else?
Ideally I want this to be portable so the same program still runs on
Windows.
John Burton wrote:
> Has anyone got any suggestion on the best way to allow my program to listen on those sockets without running as root when doing anything else? Ideally I want this to be portable so the same program still runs on Windows.
The standard practice is to make the program setuid, be root just long
enough to bind to the socket, then change to an unprivileged user (like
"daemon"). The idea is to run as little code as root as possible.
You can make a program suid root like this:
# chown root.root myprog.py
# chmod a+s myprog.py
And you can change users in Python like this:
----------------
import os
os.setreuid(2, 2)
----------------
UID 2 is normally the daemon user. If you want to use a different user
you can refer to the /etc/passwd file.
You may also want to run as the user who spawned the program in the
first place:
----------------
import os
uid = os.getuid()  # Gets the "real" UID
# Do your socket binding
os.setreuid(uid, uid)
----------------
Hope this helps.
Dan Boitnott da*@lclinux.org
Dan Boitnott wrote:
> John Burton wrote:
>> Has anyone got any suggestion on the best way to allow my program to listen on those sockets without running as root when doing anything else? Ideally I want this to be portable so the same program still runs on Windows.
> The standard practice is to make the program setuid, be root just long enough to bind to the socket, then change to an unprivileged user (like "daemon"). The idea is to run as little code as root as possible.
> You can make a program suid root like this:
> # chown root.root myprog.py
> # chmod a+s myprog.py
> And you can change users in Python like this:
> ----------------
> import os
> os.setreuid(2, 2)
> ----------------
> UID 2 is normally the daemon user. If you want to use a different user you can refer to the /etc/passwd file.
> You may also want to run as the user who spawned the program in the first place:
> ----------------
> import os
> uid = os.getuid()  # Gets the "real" UID
> # Do your socket binding
> os.setreuid(uid, uid)
> ----------------
> Hope this helps.
Well it does - thanks for that - except that setting the set uid bit on
the script doesn't seem to actually work. This is on Gentoo Linux.
John Burton wrote:
> Well it does - thanks for that - except that setting the set uid bit on the script doesn't seem to actually work. This is on Gentoo Linux.
Indeed it doesn't. You have to use a wrapper of some sort. Google should
help you on finding one.
Tuure Laurinolli wrote:
> John Burton wrote:
>> Well it does - thanks for that - except that setting the set uid bit on the script doesn't seem to actually work. This is on Gentoo Linux.
> Indeed it doesn't. You have to use a wrapper of some sort. Google should help you on finding one.
Ok, I'm now using sudo to launch the application which just opens the
listening sockets and then calls os.setuid to set the uid back to an
unprivileged account.
It seems to work fine.
Thanks for the help.
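The approach settled on in the posts above (start as root via sudo, bind, then drop to an unprivileged account), as an added example that is not code from the original thread. The function names, the fallback account "daemon" and port 80 are assumptions; SUDO_UID is the variable sudo sets for the invoking user, and on Windows the drop is skipped so the same file runs there.

```python
import os
import socket

def open_listener(port, host="0.0.0.0"):
    """Bind and listen; for ports below 1024 on Linux this runs while still root."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((host, port))
    s.listen(16)
    return s

def target_ids(fallback_user="daemon"):
    """Pick the account to drop to: the sudo invoker if known, else fallback_user."""
    import pwd  # POSIX only, so imported lazily to keep the module importable on Windows
    if os.environ.get("SUDO_UID", "").isdigit():
        entry = pwd.getpwuid(int(os.environ["SUDO_UID"]))
    else:
        entry = pwd.getpwnam(fallback_user)
    if entry.pw_uid == 0:
        raise RuntimeError("refusing to 'drop' to uid 0")
    return entry.pw_name, entry.pw_uid, entry.pw_gid

def drop_privileges(fallback_user="daemon"):
    """Permanently give up root. Returns True only if a drop actually happened."""
    if not hasattr(os, "setuid") or os.geteuid() != 0:
        return False          # Windows, or already unprivileged: nothing to drop
    name, uid, gid = target_ids(fallback_user)
    os.initgroups(name, gid)  # supplementary groups first, while still root
    os.setgid(gid)            # then the primary group
    os.setuid(uid)            # user last; as root this sets real, effective and saved UID
    try:
        os.setuid(0)          # must fail now, otherwise the drop was not permanent
    except PermissionError:
        return True
    raise RuntimeError("still able to regain root after dropping privileges")

def main(port=80):
    listener = open_listener(port)   # the only step that needs root
    dropped = drop_privileges()
    print("listening on", listener.getsockname(), "privileges dropped:", dropped)
    conn, _peer = listener.accept()  # everything from here on runs unprivileged
    conn.sendall(b"hello\n")
    conn.close()

if __name__ == "__main__":
    main()
```

Dropping the groups before the user matters: once os.setuid has succeeded the process no longer has the right to change its group list, so a late os.setgid would leave root's groups in place.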
John Burton <jo*********@jb mail.com> writes:
> Ok, I'm now using sudo to launch the application which just opens the listening sockets and then calls os.setuid to set the uid back to an unprivileged account.
That's how Apache does it too, more or less. Another method under
Linux is to have a separate process that opens the low ports, and use an
AF_UNIX socket to pass the low ports back to your application through
ancillary messages. That requires a patch to the socket module, which
I'll see about coding up. I currently have a Sourceforge bug
(#815869) open for it.
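The descriptor hand-off described in the post above, as an added example that is not code from the original thread. It uses socket.sendmsg and socket.recvmsg with SCM_RIGHTS, which are in the standard socket module from Python 3.3 on POSIX systems; the helper and the application are simulated in one process, and loopback port 0 stands in for the low port (function names and sample data are constructed for the demo).

```python
import array
import os
import socket

def send_listener(chan, listener):
    """Helper side: hand the listening socket's descriptor to the peer on chan."""
    fds = array.array("i", [listener.fileno()])
    # One byte of ordinary data carries the SCM_RIGHTS ancillary message.
    chan.sendmsg([b"L"], [(socket.SOL_SOCKET, socket.SCM_RIGHTS, fds)])

def recv_listener(chan):
    """Application side: accept exactly one descriptor and wrap it as a socket."""
    fds = array.array("i")
    data, ancdata, flags, _ = chan.recvmsg(1, socket.CMSG_SPACE(fds.itemsize))
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            fds.frombytes(cdata[: len(cdata) - len(cdata) % fds.itemsize])
    if data != b"L" or flags & socket.MSG_CTRUNC or len(fds) != 1:
        for fd in fds:
            os.close(fd)      # never keep descriptors we did not expect
        raise RuntimeError("unexpected message on the control channel")
    return socket.socket(fileno=fds[0])  # family and type are detected from the fd

def demo():
    """Run both roles in one process and serve one connection on the passed socket."""
    helper_end, app_end = socket.socketpair()  # AF_UNIX pair between the two roles
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # a real helper would bind the low port as root
    listener.listen(1)
    port = listener.getsockname()[1]
    send_listener(helper_end, listener)
    listener.close()                 # the helper's copy is no longer needed

    received = recv_listener(app_end)          # unprivileged side takes over
    same_port = received.getsockname()[1] == port
    client = socket.create_connection(("127.0.0.1", port))
    conn, _ = received.accept()
    client.sendall(b"ping")          # constructed sample payload
    data = conn.recv(4)
    for s in (client, conn, received, helper_end, app_end):
        s.close()
    return same_port, data

if __name__ == "__main__":
    print(demo())
```

The application process never holds root in this design; only the small helper that binds the port does, and it can exit as soon as the descriptor has been sent.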
Paul Rubin wrote:
> John Burton <jo*********@jb mail.com> writes:
>> Ok, I'm now using sudo to launch the application which just opens the listening sockets and then calls os.setuid to set the uid back to an unprivileged account.
> That's how Apache does it too, more or less. Another method under Linux is to have a separate process that opens the low ports, and use an AF_UNIX socket to pass the low ports back to your application through ancillary messages. That requires a patch to the socket module, which I'll see about coding up. I currently have a Sourceforge bug (#815869) open for it.
The advantage of the original approach is that I want this to be
portable back to Windows and the code can be the same except that it
doesn't do the os.setuid on Windows. This idea, while interesting,
would be harder to make portable I think.