Hello,
I would like to know if there is a way to run a Python file under a
different user account than the one logged in. Allow me to explain.
There are a bunch of people here, they are "basic user", with limited
permissions. Basically there are locations on the network where they
can only read and execute files, but no way to write.
Now, if these users want to write or modify files and directories,
they would have to use my tools, which would control the permissions
and allow the operations under parameters that I have defined.
Currently I see two ways of accomplishing this:
1- the script changes the permissions of the locations the user is
writing to, allowing the "basic user" to write to this location, and
then restore the original permissions. What I don't like about this
one, is that if the script stops, the locations may retain the writing
permissions for the basic user.
2- the script itself runs under a account with writing privileges (the
power user), and network location permissions are not changed. If the
script crashes, well, nothing to worry about as far as I can see.
I could find in the Python library a way to do #1 easily (the os
module), but failed to find anything for #2.
Thanks in advance
Bernard 8 11150
Bernard Lebel schrieb: Hello,
I would like to know if there is a way to run a Python file under a different user account than the one logged in. Allow me to explain.
There are a bunch of people here, they are "basic user", with limited permissions. Basically there are locations on the network where they can only read and execute files, but no way to write.
Now, if these users want to write or modify files and directories, they would have to use my tools, which would control the permissions and allow the operations under parameters that I have defined.
Currently I see two ways of accomplishing this:
1- the script changes the permissions of the locations the user is writing to, allowing the "basic user" to write to this location, and then restore the original permissions. What I don't like about this one, is that if the script stops, the locations may retain the writing permissions for the basic user.
2- the script itself runs under a account with writing privileges (the power user), and network location permissions are not changed. If the script crashes, well, nothing to worry about as far as I can see.
I could find in the Python library a way to do #1 easily (the os module), but failed to find anything for #2.
You didn't find anything there for a few reasons - mainly because if
there was anything that made a program decide for itself which rights it
wanted to run with, the whole concept of restrictive access would be
kind of useless...
And as you refrain form telling us which OS you are running under one
can only be very vague on what to suggest - UNIXish OSes have for
example the setguid-bit, sudo springs to mind and under certain desktops
there are ways to acquire root-settings (but you need a password then I
guess)
Windows I don't know so much - but there exist the possibility to make a
program run under a different user-account.
Diez
Hello Diez,
Please see below. And as you refrain form telling us which OS you are running under one can only be very vague on what to suggest - UNIXish OSes have for example the setguid-bit, sudo springs to mind and under certain desktops there are ways to acquire root-settings (but you need a password then I guess)
Windows I don't know so much - but there exist the possibility to make a program run under a different user-account.
For Windows, you can use the 'runas.exe' program. But it requires a
password too.
From what you wrote, I think that you need to change architecture. You
should write your own service rather than write tricky programs. This
way you can develop your own security system, and restrict access to
specific files/programs. You can write tools that can connect to your
service. The service program can be ran on the background, with
sufficient privileges. How does it sound?
Best,
Laszlo
On 5/26/06, Diez B. Roggisch <de***@nospam.w eb.de> wrote: And as you refrain form telling us which OS you are running under
[Bernard] The network file server is Red Hat Enterprise 4.
The user workstation run through MS Windows XP Pro 32bit SP2,
accessing the file server through Samba.
one can only be very vague on what to suggest - UNIXish OSes have for example the setguid-bit, sudo springs to mind and under certain desktops there are ways to acquire root-settings (but you need a password then I guess)
Windows I don't know so much - but there exist the possibility to make a program run under a different user-account.
[Bernard] Thanks anway.
Bernard
On 5/26/06, Laszlo Nagy <ga*****@design aproduct.biz> wrote: For Windows, you can use the 'runas.exe' program. But it requires a password too.
From what you wrote, I think that you need to change architecture. You should write your own service rather than write tricky programs. This way you can develop your own security system, and restrict access to specific files/programs. You can write tools that can connect to your service. The service program can be ran on the background, with sufficient privileges. How does it sound?
[Bermard] Any ressource you could point me to as to write services?
I'm totally unexperienced with that.
Thanks a bunch.
Bernard From what you wrote, I think that you need to change architecture. You should write your own service rather than write tricky programs. This way you can develop your own security system, and restrict access to specific files/programs. You can write tools that can connect to your service. The service program can be ran on the background, with sufficient privileges. How does it sound?
[Bermard] Any ressource you could point me to as to write services? I'm totally unexperienced with that.
I'm sorry, I was out of town in the weekend. You can try to write a
multi-threaded application server that provides services through TCP/IP.
Probably, the easiest to start with an existing framework: http://twistedmatrix.com/projects/core/ http://www.webwareforpython.org/
There are many other libraries, you can look for them in the cheeseshop. http://cheeseshop.python.org/pypi
You can also develop your own protocol with SocketServer or xmlrpc: http://docs.python.org/lib/module-SocketServer.html http://docs.python.org/lib/module-xmlrpclib.html
Best,
Laszlo
Thanks Laszlo, I'll check it out.
Bernard
On 5/29/06, Laszlo Nagy <ga*****@design aproduct.biz> wrote: From what you wrote, I think that you need to change architecture. You should write your own service rather than write tricky programs. This way you can develop your own security system, and restrict access to specific files/programs. You can write tools that can connect to your service. The service program can be ran on the background, with sufficient privileges. How does it sound?
[Bermard] Any ressource you could point me to as to write services? I'm totally unexperienced with that.
I'm sorry, I was out of town in the weekend. You can try to write a multi-threaded application server that provides services through TCP/IP. Probably, the easiest to start with an existing framework:
http://twistedmatrix.com/projects/core/ http://www.webwareforpython.org/
There are many other libraries, you can look for them in the cheeseshop.
http://cheeseshop.python.org/pypi
You can also develop your own protocol with SocketServer or xmlrpc:
http://docs.python.org/lib/module-SocketServer.html http://docs.python.org/lib/module-xmlrpclib.html
Best,
Laszlo
Bernard Lebel a écrit : On 5/26/06, Laszlo Nagy <ga*****@design aproduct.biz> wrote: For Windows, you can use the 'runas.exe' program. But it requires a password too.
From what you wrote, I think that you need to change architecture. You should write your own service rather than write tricky programs. This way you can develop your own security system, and restrict access to specific files/programs. You can write tools that can connect to your service. The service program can be ran on the background, with sufficient privileges. How does it sound?
[Bermard] Any ressource you could point me to as to write services? I'm totally unexperienced with that.
As you run under Unix, you may be interrested into the daemon.py script.
See Unix Daemon in page http://homepage.hispeed.ch/py430/python/index.html
And too: http://aspn.activestate.com/ASPN/Coo.../Recipe/278731
See also google links for python + daemon
A+
Laurent.
Laszlo Nagy wrote: For Windows, you can use the 'runas.exe' program. But it requires a password too.
Or you can get a copy of the shareware program RunAsProfession al, which
I use for my kids stupid games that necessarily has to be run by an
admin. The price I paid was 10 Euro, which I still think was money well
spent. IIRC you get a 30 days trial version for free. http://freedownloads.rbytes.net/cat/...-professional/
It does the same thing as RunAs, but you do not need to type the
password every time you run your program. Instead the password is stored
encrypted in the file you launch. I do not know what encryption is used,
or how safe the encryption is. My needs are simply to make sure that my
kids do not destroy anything by mistake. Sure, the stupid game may be
designed to destroy, but that's another issue.
/MiO This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Russell E. Owen |
last post by:
I have a Python/Tkinter remote control application and want to add
support for running user scripts.
I would like the scripts to be written in python, would like them to be
able to update Tkinter widgets and (the hard part) would also like them
to be capable of pausing until some condition is met (e.g. a remote
control command finishes)...
|
by: chris.levis |
last post by:
All:
I have written a Python webapp under MS IIS 5.0 that does the
following:
-Does a CVS checkout of a particular bit of xml
-Gets a list of valid cvs tags for that xml file
-Based on user input via forms, modifies that xml
-CVS checkin's that file
To have correct permissions to run the cvs binaries and to write
|
by: gyromagnetic |
last post by:
The following url points to an article written by Damian Conway
entitled "Ten Essential Development Practices":
http://www.perl.com/pub/a/2005/07/14/bestpractices.html
Althought the article has Perl as a focus, I thought that some of the
general points made might be of interest to the Python community. It
would certainly be interesting to...
|
by: Kenneth McDonald |
last post by:
Is there any emerging consensus on the "best" UI for toolkit. Tk
never quite made it but from what I can see, both qt and wxWin are
both doing fairly well in general. I'm already aware of the licensing
issues surrounding qt (fwiw, I think their license fee for commercial
use is eminently reasonable), so aside from that, I was wondering if...
|
by: Ben Sizer |
last post by:
I've installed several different versions of Python across several
different versions of MS Windows, and not a single time was the Python
directory or the Scripts subdirectory added to the PATH environment
variable. Every time, I've had to go through and add this by hand, to
have something resembling a usable Python installation. No such...
| |
by: walterbyrd |
last post by:
I understand that Python has them, but PHP doesn't.
I think that is because mod_php is built into apache, but mod_python
is not usually in apache. If mod_python was built into apache, would
python still have long running processes (LRP)?
Do LRPs have to do with a Python interpreter running all the time? Or
is it something else?
I also...
|
by: James Mills |
last post by:
On Thu, Oct 9, 2008 at 2:26 PM, Warren DeLano <warren@delsci.comwrote:
Yes it does :)
I second this.
It's far better to use Data Structures
rather than Programming Constructs
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
| |
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...
| |