473,748 Members | 5,230 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

pexpect with apache

Hi all. I try not to post until I am stuck in hole with no way out. I
fought with this for several hours, and am currently in the hole.

I'm doing a proof of concept for creating afp shares dynamically
through a web interface from a client machine. I use a bit of php to
setup a simple form, and then have the php execute my python script on
the server. The python script tries to 'su' to root to create the
share, create dirs, set perms, etc

The python script alone works fine as 'www'. I can become 'www', run
it from the command line and the share is made. But when I try to have
the web server execute it, I continually get a password failure. I'm
positive the password is correct.

Any ideas?

~Sean D

~~~~~~~~~~~test .py
#! /usr/bin/env python

import commands, os, P, pexpect

sharename = sys.argv[1]

root = "/Users/Shared"
sharepath = os.path.join(ro ot, sharename)
password = P.P()

COMMAND_PROMPT = '[$%#]'
child = pexpect.spawn(' su')
i = child.expect([pexpect.TIMEOUT , '[Pp]assword:'], timeout=1)
child.sendline( password.Decryp t(password.sean ))

i = child.expect (['su: Sorry', COMMAND_PROMPT])

if i == 0:
print 'Password not accepted'
sys.exit(1)
else:
print "Making dir: %s" % sharepath
child.sendline( "mkdir %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "Setting group to 'audio'"
child.sendline( "chgrp audio %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "setting owner to 'audio01'"
child.sendline( "chown audio01 %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "Opening permissions"
child.sendline( "chmod 777 %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "sharing -a %s -s 100" % sharepath
child.sendline( "sharing -a %s -s 100" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
sys.exit(0)

~~~~~~~~~~~test .php
<html>
<body>
<?php

if (isset($_GET['sharename'])) {
$last_line = system("/Users/Shared/test.py {$_GET['sharename']}",
$retval);
if ($retval == 0) {
echo "<br><h2>Mo unt afp://xxx.xxx.xxx.xxx/{$_GET['sharename']}</h2>";
} else {
echo "<br><h2>Fa iled creating share!</h2>";
}
} else {

echo "<form action='test.ph p'>";
echo "<table>";
echo "<td>Name of share:</td><td><input type='text'
name='sharename '></td>";
echo "</table></form>";
}

?>
</body>
</html>

Oct 18 '06 #1
5 2747
Well, first i don't think it is a good idea to have the python script
tu su to root, but for it to work, i think (Totally unsure about that)
www has to be in group wheel to be able to su.

An other way to make your script run as root is to set the setuid bit
on your python script to make it run as root, without using su.
ha**********@gm ail.com wrote:
Hi all. I try not to post until I am stuck in hole with no way out. I
fought with this for several hours, and am currently in the hole.

I'm doing a proof of concept for creating afp shares dynamically
through a web interface from a client machine. I use a bit of php to
setup a simple form, and then have the php execute my python script on
the server. The python script tries to 'su' to root to create the
share, create dirs, set perms, etc

The python script alone works fine as 'www'. I can become 'www', run
it from the command line and the share is made. But when I try to have
the web server execute it, I continually get a password failure. I'm
positive the password is correct.

Any ideas?

~Sean D

~~~~~~~~~~~test .py
#! /usr/bin/env python

import commands, os, P, pexpect

sharename = sys.argv[1]

root = "/Users/Shared"
sharepath = os.path.join(ro ot, sharename)
password = P.P()

COMMAND_PROMPT = '[$%#]'
child = pexpect.spawn(' su')
i = child.expect([pexpect.TIMEOUT , '[Pp]assword:'], timeout=1)
child.sendline( password.Decryp t(password.sean ))

i = child.expect (['su: Sorry', COMMAND_PROMPT])

if i == 0:
print 'Password not accepted'
sys.exit(1)
else:
print "Making dir: %s" % sharepath
child.sendline( "mkdir %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "Setting group to 'audio'"
child.sendline( "chgrp audio %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "setting owner to 'audio01'"
child.sendline( "chown audio01 %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "Opening permissions"
child.sendline( "chmod 777 %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "sharing -a %s -s 100" % sharepath
child.sendline( "sharing -a %s -s 100" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
sys.exit(0)

~~~~~~~~~~~test .php
<html>
<body>
<?php

if (isset($_GET['sharename'])) {
$last_line = system("/Users/Shared/test.py {$_GET['sharename']}",
$retval);
if ($retval == 0) {
echo "<br><h2>Mo unt afp://xxx.xxx.xxx.xxx/{$_GET['sharename']}</h2>";
} else {
echo "<br><h2>Fa iled creating share!</h2>";
}
} else {

echo "<form action='test.ph p'>";
echo "<table>";
echo "<td>Name of share:</td><td><input type='text'
name='sharename '></td>";
echo "</table></form>";
}

?>
</body>
</html>
Oct 18 '06 #2
Well, first i don't think it is a good idea to have the python script
tu su to root, but for it to work, i think (Totally unsure about that)
www has to be in group wheel to be able to su.

Maybe sudo can help here.
Oct 18 '06 #3
Sudo is probably the best solution here, since in the file sudo.conf
you could restrict the www user only to the python script that requires
it.

Also, using either sudo or the setuid flag would remove the need of
pexpect since all the commands will be run as the designated user.

for setuid flag:
chmod u+s pythonScript.py
chown root pythonScript.py

for the sudo solution, add an entry to /etc/sudo.conf or /etc/sudoers ,
depending on distro:
the syntax for a line in sudo.conf is:
user hostlist = (userlist) commandlist

so you might want to add:
www localhost = NOPASSWD: /var/www/htdocs/pythonScript.py

note:
Replace the /var/www/htdocs/pythonScript.py with the path to where
your script is
the NOPASSWD: is a flag that tells sudo that no password is
required

Lee Harr wrote:
Well, first i don't think it is a good idea to have the python script
tu su to root, but for it to work, i think (Totally unsure about that)
www has to be in group wheel to be able to su.


Maybe sudo can help here.
Oct 18 '06 #4
Since it wont require pyexpect, and based on the operations you
accomplish with your python script, maybe that a bash script instead of
a python one might be the best tool for the job you're trying to
accomplish.
martdi wrote:
Sudo is probably the best solution here, since in the file sudo.conf
you could restrict the www user only to the python script that requires
it.

Also, using either sudo or the setuid flag would remove the need of
pexpect since all the commands will be run as the designated user.

for setuid flag:
chmod u+s pythonScript.py
chown root pythonScript.py

for the sudo solution, add an entry to /etc/sudo.conf or /etc/sudoers ,
depending on distro:
the syntax for a line in sudo.conf is:
user hostlist = (userlist) commandlist

so you might want to add:
www localhost = NOPASSWD: /var/www/htdocs/pythonScript.py

note:
Replace the /var/www/htdocs/pythonScript.py with the path to where
your script is
the NOPASSWD: is a flag that tells sudo that no password is
required

Lee Harr wrote:
Well, first i don't think it is a good idea to have the python script
tu su to root, but for it to work, i think (Totally unsure about that)
www has to be in group wheel to be able to su.

Maybe sudo can help here.
Oct 18 '06 #5
Thank you both for your help. I don't know why I didn't think of that
before. I had the expect mindset, and was determined to get it working
that way.

I added an entry for sudo for the script and it works without a hitch.
I'm still curious to know what was going on to disallow the
authentication in pexpect. I had added 'www' to user 'admin', and
could su to root from the command line, so I don't think that was it.
Maybe it was a timing error, ie pexpect fired off the password too soon
or too late, or something in the apache environment that just
disallowed becoming root for security reasons.

Problem solved.

~Sean

martdi wrote:
Since it wont require pyexpect, and based on the operations you
accomplish with your python script, maybe that a bash script instead of
a python one might be the best tool for the job you're trying to
accomplish.
martdi wrote:
Sudo is probably the best solution here, since in the file sudo.conf
you could restrict the www user only to the python script that requires
it.

Also, using either sudo or the setuid flag would remove the need of
pexpect since all the commands will be run as the designated user.

for setuid flag:
chmod u+s pythonScript.py
chown root pythonScript.py

for the sudo solution, add an entry to /etc/sudo.conf or /etc/sudoers ,
depending on distro:
the syntax for a line in sudo.conf is:
user hostlist = (userlist) commandlist

so you might want to add:
www localhost = NOPASSWD: /var/www/htdocs/pythonScript.py

note:
Replace the /var/www/htdocs/pythonScript.py with the path to where
your script is
the NOPASSWD: is a flag that tells sudo that no password is
required

Lee Harr wrote:
Well, first i don't think it is a good idea to have the python script
tu su to root, but for it to work, i think (Totally unsure about that)
www has to be in group wheel to be able to su.
>
>
Maybe sudo can help here.
Oct 19 '06 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
2
5343
pexpect exceptions
by: Michael Surette | last post by:
I have been trying to automate the changing of passwords using python and pexpect. I wrote a script as a test and it works, except that it gives me an exception when it stops running: Exception exceptions.OSError: (10, 'No child processes') in <bound method spawn.__del__ of <pexpect.spawn instance at 0x403d938c>> ignored What is happening and how do I get rid of the exception?
Python
2
2366
pexpect and OpenVMS
by: Adrian Casey | last post by:
I have a collection of tcl expect scripts which I am converting to python using the excellent pexpect module (http://pexpect.sourceforge.net/). So far I've had great success in getting all my scripts to work with various flavours of UNIX. However, OpenVMS is causing me problems. The tcl scripts work perfectly across UNIX and VMS. I'm converting them from tcl to python simply because python is more scalable and allows for better code...
Python
5
4525
add pexpect to the standard library, standard "install" mechanism.
by: funkyj | last post by:
I love pexpect because it means I may never have to use expect again (I don't do any heavy expect lifting -- I just need simple tty control)! As a python advocate I find it embarassing how difficult it is do the following in python (without pexpect): - logon to a remote system using ssh - do an 'ls' and exit the remote shell - print the output from the remote shell session.
Python
0
2164
Using pexpect with 'sudo'
by: dwelch91 | last post by:
I'm having a problem using pexpect with 'sudo' on Ubuntu 6.06 (Dapper). Here's the program: #!/usr/bin/env python import pexpect import sys child = pexpect.spawn("sudo apt-get update") child.logfile = sys.stdout
Python
1
10646
Problem with PEXPECT in Python
by: Kevin Erickson | last post by:
Hello, I am attempting to use pexpect in python to copy files from a server using scp; the copy works however exceptions are thrown and it exits unsuccessfully. Below is the a sample code and the error: #Begin Code import sys import pexpect
Python
8
5875
Pexpect and a Linux Terminal
by: asgarde | last post by:
hello, I'm new in Python and i would like to use Pexpect to execute a root command (i want to mount via a Pyhton script a drive) so that's my script for the moment : from os import * import pexpect import os
Python
5
8632
pexpect ssh login and ls | grep
by: crybaby | last post by:
I need to ssh into a remote machine and check if mytest.log file is there. I have setup ssh keys to handle login authentications. How do I determine if mytest.log is there by using Pexpect. What I have done so far is spawned a child for ssh. 1) Now what do I do to execute shell_cmd(ls and grep), spawn another child? 2) Can I use the same child that was spawned for ssh, if so how?
Python
1
4768
Pexpect echoes twice for each read
by: Sriram Rajan | last post by:
For some reason, Using pexpect causes my output to echo twice when I connect from my MAC Darwin (10.4) to Linux (CentOS release 5 ): The program: --------------------- #!/usr/bin/python # Automatic scp to remote host # Input 1 : filename # Input 2 : destination folder # Input 3 : hostname
Python
2
5379
SSH using PEXPECT
by: yellowblueyellow | last post by:
Hey , I need to SSH into a server .. (10.8.42.38) using pexpect the username is 'admin' and password is 'abc123' so far i have the following code import pexpect import sys import time import os
Python
0
8991
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
8830
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
Windows Server
0
9372
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
1
9324
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
1
6796
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
4606
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
0
4874
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
3313
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
2
2783
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us