Hi all. I try not to post until I am stuck in hole with no way out. I
fought with this for several hours, and am currently in the hole.
I'm doing a proof of concept for creating afp shares dynamically
through a web interface from a client machine. I use a bit of php to
setup a simple form, and then have the php execute my python script on
the server. The python script tries to 'su' to root to create the
share, create dirs, set perms, etc
The python script alone works fine as 'www'. I can become 'www', run
it from the command line and the share is made. But when I try to have
the web server execute it, I continually get a password failure. I'm
positive the password is correct.
Any ideas?
~Sean D
~~~~~~~~~~~test .py
#! /usr/bin/env python
import commands, os, P, pexpect
sharename = sys.argv[1]
root = "/Users/Shared"
sharepath = os.path.join(ro ot, sharename)
password = P.P()
COMMAND_PROMPT = '[$%#]'
child = pexpect.spawn(' su')
i = child.expect([pexpect.TIMEOUT , '[Pp]assword:'], timeout=1)
child.sendline( password.Decryp t(password.sean ))
i = child.expect (['su: Sorry', COMMAND_PROMPT])
if i == 0:
print 'Password not accepted'
sys.exit(1)
else:
print "Making dir: %s" % sharepath
child.sendline( "mkdir %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "Setting group to 'audio'"
child.sendline( "chgrp audio %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "setting owner to 'audio01'"
child.sendline( "chown audio01 %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "Opening permissions"
child.sendline( "chmod 777 %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "sharing -a %s -s 100" % sharepath
child.sendline( "sharing -a %s -s 100" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
sys.exit(0)
~~~~~~~~~~~test .php
<html>
<body>
<?php
if (isset($_GET['sharename'])) {
$last_line = system("/Users/Shared/test.py {$_GET['sharename']}",
$retval);
if ($retval == 0) {
echo "<br><h2>Mo unt afp://xxx.xxx.xxx.xxx/{$_GET['sharename']}</h2>";
} else {
echo "<br><h2>Fa iled creating share!</h2>";
}
} else {
echo "<form action='test.ph p'>";
echo "<table>";
echo "<td>Name of share:</td><td><input type='text'
name='sharename '></td>";
echo "</table></form>";
}
?>
</body>
</html> 5 2747
Well, first i don't think it is a good idea to have the python script
tu su to root, but for it to work, i think (Totally unsure about that)
www has to be in group wheel to be able to su.
An other way to make your script run as root is to set the setuid bit
on your python script to make it run as root, without using su. ha**********@gm ail.com wrote:
Hi all. I try not to post until I am stuck in hole with no way out. I
fought with this for several hours, and am currently in the hole.
I'm doing a proof of concept for creating afp shares dynamically
through a web interface from a client machine. I use a bit of php to
setup a simple form, and then have the php execute my python script on
the server. The python script tries to 'su' to root to create the
share, create dirs, set perms, etc
The python script alone works fine as 'www'. I can become 'www', run
it from the command line and the share is made. But when I try to have
the web server execute it, I continually get a password failure. I'm
positive the password is correct.
Any ideas?
~Sean D
~~~~~~~~~~~test .py
#! /usr/bin/env python
import commands, os, P, pexpect
sharename = sys.argv[1]
root = "/Users/Shared"
sharepath = os.path.join(ro ot, sharename)
password = P.P()
COMMAND_PROMPT = '[$%#]'
child = pexpect.spawn(' su')
i = child.expect([pexpect.TIMEOUT , '[Pp]assword:'], timeout=1)
child.sendline( password.Decryp t(password.sean ))
i = child.expect (['su: Sorry', COMMAND_PROMPT])
if i == 0:
print 'Password not accepted'
sys.exit(1)
else:
print "Making dir: %s" % sharepath
child.sendline( "mkdir %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "Setting group to 'audio'"
child.sendline( "chgrp audio %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "setting owner to 'audio01'"
child.sendline( "chown audio01 %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "Opening permissions"
child.sendline( "chmod 777 %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "sharing -a %s -s 100" % sharepath
child.sendline( "sharing -a %s -s 100" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
sys.exit(0)
~~~~~~~~~~~test .php
<html>
<body>
<?php
if (isset($_GET['sharename'])) {
$last_line = system("/Users/Shared/test.py {$_GET['sharename']}",
$retval);
if ($retval == 0) {
echo "<br><h2>Mo unt afp://xxx.xxx.xxx.xxx/{$_GET['sharename']}</h2>";
} else {
echo "<br><h2>Fa iled creating share!</h2>";
}
} else {
echo "<form action='test.ph p'>";
echo "<table>";
echo "<td>Name of share:</td><td><input type='text'
name='sharename '></td>";
echo "</table></form>";
}
?>
</body>
</html>
Well, first i don't think it is a good idea to have the python script
tu su to root, but for it to work, i think (Totally unsure about that)
www has to be in group wheel to be able to su.
Maybe sudo can help here.
Sudo is probably the best solution here, since in the file sudo.conf
you could restrict the www user only to the python script that requires
it.
Also, using either sudo or the setuid flag would remove the need of
pexpect since all the commands will be run as the designated user.
for setuid flag:
chmod u+s pythonScript.py
chown root pythonScript.py
for the sudo solution, add an entry to /etc/sudo.conf or /etc/sudoers ,
depending on distro:
the syntax for a line in sudo.conf is:
user hostlist = (userlist) commandlist
so you might want to add:
www localhost = NOPASSWD: /var/www/htdocs/pythonScript.py
note:
Replace the /var/www/htdocs/pythonScript.py with the path to where
your script is
the NOPASSWD: is a flag that tells sudo that no password is
required
Lee Harr wrote:
Well, first i don't think it is a good idea to have the python script
tu su to root, but for it to work, i think (Totally unsure about that)
www has to be in group wheel to be able to su.
Maybe sudo can help here.
Since it wont require pyexpect, and based on the operations you
accomplish with your python script, maybe that a bash script instead of
a python one might be the best tool for the job you're trying to
accomplish.
martdi wrote:
Sudo is probably the best solution here, since in the file sudo.conf
you could restrict the www user only to the python script that requires
it.
Also, using either sudo or the setuid flag would remove the need of
pexpect since all the commands will be run as the designated user.
for setuid flag:
chmod u+s pythonScript.py
chown root pythonScript.py
for the sudo solution, add an entry to /etc/sudo.conf or /etc/sudoers ,
depending on distro:
the syntax for a line in sudo.conf is:
user hostlist = (userlist) commandlist
so you might want to add:
www localhost = NOPASSWD: /var/www/htdocs/pythonScript.py
note:
Replace the /var/www/htdocs/pythonScript.py with the path to where
your script is
the NOPASSWD: is a flag that tells sudo that no password is
required
Lee Harr wrote:
Well, first i don't think it is a good idea to have the python script
tu su to root, but for it to work, i think (Totally unsure about that)
www has to be in group wheel to be able to su.
Maybe sudo can help here.
Thank you both for your help. I don't know why I didn't think of that
before. I had the expect mindset, and was determined to get it working
that way.
I added an entry for sudo for the script and it works without a hitch.
I'm still curious to know what was going on to disallow the
authentication in pexpect. I had added 'www' to user 'admin', and
could su to root from the command line, so I don't think that was it.
Maybe it was a timing error, ie pexpect fired off the password too soon
or too late, or something in the apache environment that just
disallowed becoming root for security reasons.
Problem solved.
~Sean
martdi wrote:
Since it wont require pyexpect, and based on the operations you
accomplish with your python script, maybe that a bash script instead of
a python one might be the best tool for the job you're trying to
accomplish.
martdi wrote:
Sudo is probably the best solution here, since in the file sudo.conf
you could restrict the www user only to the python script that requires
it.
Also, using either sudo or the setuid flag would remove the need of
pexpect since all the commands will be run as the designated user.
for setuid flag:
chmod u+s pythonScript.py
chown root pythonScript.py
for the sudo solution, add an entry to /etc/sudo.conf or /etc/sudoers ,
depending on distro:
the syntax for a line in sudo.conf is:
user hostlist = (userlist) commandlist
so you might want to add:
www localhost = NOPASSWD: /var/www/htdocs/pythonScript.py
note:
Replace the /var/www/htdocs/pythonScript.py with the path to where
your script is
the NOPASSWD: is a flag that tells sudo that no password is
required
Lee Harr wrote:
Well, first i don't think it is a good idea to have the python script
tu su to root, but for it to work, i think (Totally unsure about that)
www has to be in group wheel to be able to su.
>
>
Maybe sudo can help here.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Michael Surette |
last post by:
I have been trying to automate the changing of passwords using python and
pexpect. I wrote a script as a test and it works, except that it gives me
an exception when it stops running:
Exception exceptions.OSError:
(10, 'No child processes') in <bound method spawn.__del__ of
<pexpect.spawn instance at 0x403d938c>> ignored
What is happening and how do I get rid of the exception?
|
by: Adrian Casey |
last post by:
I have a collection of tcl expect scripts which I am converting to python
using the excellent pexpect module (http://pexpect.sourceforge.net/). So
far I've had great success in getting all my scripts to work with various
flavours of UNIX. However, OpenVMS is causing me problems.
The tcl scripts work perfectly across UNIX and VMS. I'm converting them
from tcl to python simply because python is more scalable and allows for
better code...
|
by: funkyj |
last post by:
I love pexpect because it means I may never have to use expect again (I
don't do any heavy expect lifting -- I just need simple tty control)!
As a python advocate I find it embarassing how difficult it is do the
following in python (without pexpect):
- logon to a remote system using ssh
- do an 'ls' and exit the remote shell
- print the output from the remote shell session.
|
by: dwelch91 |
last post by:
I'm having a problem using pexpect with 'sudo' on Ubuntu 6.06 (Dapper).
Here's the program:
#!/usr/bin/env python
import pexpect
import sys
child = pexpect.spawn("sudo apt-get update")
child.logfile = sys.stdout
|
by: Kevin Erickson |
last post by:
Hello,
I am attempting to use pexpect in python to copy files from a server
using scp; the copy works however exceptions are thrown and it exits
unsuccessfully. Below is the a sample code and the error:
#Begin Code
import sys
import pexpect
| |
by: asgarde |
last post by:
hello,
I'm new in Python and i would like to use Pexpect to execute a root
command (i want to mount via a Pyhton script a drive)
so that's my script for the moment :
from os import *
import pexpect
import os
|
by: crybaby |
last post by:
I need to ssh into a remote machine and check if mytest.log file is
there. I have setup ssh keys to handle login authentications.
How do I determine if mytest.log is there by using Pexpect. What I
have done so far is spawned a child for ssh.
1) Now what do I do to execute shell_cmd(ls and grep), spawn another
child?
2) Can I use the same child that was spawned for ssh, if so how?
|
by: Sriram Rajan |
last post by:
For some reason, Using pexpect causes my output to echo twice when I
connect from my MAC Darwin (10.4) to Linux (CentOS release 5 ):
The program:
---------------------
#!/usr/bin/python
# Automatic scp to remote host
# Input 1 : filename
# Input 2 : destination folder
# Input 3 : hostname
|
by: yellowblueyellow |
last post by:
Hey , I need to SSH into a server .. (10.8.42.38) using pexpect the
username is 'admin' and password is 'abc123' so far i have the
following code
import pexpect
import sys
import time
import os
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |