473,725 Members | 2,053 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

pexpect with apache

Hi all. I try not to post until I am stuck in hole with no way out. I
fought with this for several hours, and am currently in the hole.

I'm doing a proof of concept for creating afp shares dynamically
through a web interface from a client machine. I use a bit of php to
setup a simple form, and then have the php execute my python script on
the server. The python script tries to 'su' to root to create the
share, create dirs, set perms, etc

The python script alone works fine as 'www'. I can become 'www', run
it from the command line and the share is made. But when I try to have
the web server execute it, I continually get a password failure. I'm
positive the password is correct.

Any ideas?

~Sean D

~~~~~~~~~~~test .py
#! /usr/bin/env python

import commands, os, P, pexpect

sharename = sys.argv[1]

root = "/Users/Shared"
sharepath = os.path.join(ro ot, sharename)
password = P.P()

COMMAND_PROMPT = '[$%#]'
child = pexpect.spawn(' su')
i = child.expect([pexpect.TIMEOUT , '[Pp]assword:'], timeout=1)
child.sendline( password.Decryp t(password.sean ))

i = child.expect (['su: Sorry', COMMAND_PROMPT])

if i == 0:
print 'Password not accepted'
sys.exit(1)
else:
print "Making dir: %s" % sharepath
child.sendline( "mkdir %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "Setting group to 'audio'"
child.sendline( "chgrp audio %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "setting owner to 'audio01'"
child.sendline( "chown audio01 %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "Opening permissions"
child.sendline( "chmod 777 %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "sharing -a %s -s 100" % sharepath
child.sendline( "sharing -a %s -s 100" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
sys.exit(0)

~~~~~~~~~~~test .php
<html>
<body>
<?php

if (isset($_GET['sharename'])) {
$last_line = system("/Users/Shared/test.py {$_GET['sharename']}",
$retval);
if ($retval == 0) {
echo "<br><h2>Mo unt afp://xxx.xxx.xxx.xxx/{$_GET['sharename']}</h2>";
} else {
echo "<br><h2>Fa iled creating share!</h2>";
}
} else {

echo "<form action='test.ph p'>";
echo "<table>";
echo "<td>Name of share:</td><td><input type='text'
name='sharename '></td>";
echo "</table></form>";
}

?>
</body>
</html>

Oct 18 '06 #1
5 2738
Well, first i don't think it is a good idea to have the python script
tu su to root, but for it to work, i think (Totally unsure about that)
www has to be in group wheel to be able to su.

An other way to make your script run as root is to set the setuid bit
on your python script to make it run as root, without using su.
ha**********@gm ail.com wrote:
Hi all. I try not to post until I am stuck in hole with no way out. I
fought with this for several hours, and am currently in the hole.

I'm doing a proof of concept for creating afp shares dynamically
through a web interface from a client machine. I use a bit of php to
setup a simple form, and then have the php execute my python script on
the server. The python script tries to 'su' to root to create the
share, create dirs, set perms, etc

The python script alone works fine as 'www'. I can become 'www', run
it from the command line and the share is made. But when I try to have
the web server execute it, I continually get a password failure. I'm
positive the password is correct.

Any ideas?

~Sean D

~~~~~~~~~~~test .py
#! /usr/bin/env python

import commands, os, P, pexpect

sharename = sys.argv[1]

root = "/Users/Shared"
sharepath = os.path.join(ro ot, sharename)
password = P.P()

COMMAND_PROMPT = '[$%#]'
child = pexpect.spawn(' su')
i = child.expect([pexpect.TIMEOUT , '[Pp]assword:'], timeout=1)
child.sendline( password.Decryp t(password.sean ))

i = child.expect (['su: Sorry', COMMAND_PROMPT])

if i == 0:
print 'Password not accepted'
sys.exit(1)
else:
print "Making dir: %s" % sharepath
child.sendline( "mkdir %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "Setting group to 'audio'"
child.sendline( "chgrp audio %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "setting owner to 'audio01'"
child.sendline( "chown audio01 %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "Opening permissions"
child.sendline( "chmod 777 %s" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
print "sharing -a %s -s 100" % sharepath
child.sendline( "sharing -a %s -s 100" % sharepath)
i = child.expect([pexpect.TIMEOUT , COMMAND_PROMPT] ,timeout=1)
sys.exit(0)

~~~~~~~~~~~test .php
<html>
<body>
<?php

if (isset($_GET['sharename'])) {
$last_line = system("/Users/Shared/test.py {$_GET['sharename']}",
$retval);
if ($retval == 0) {
echo "<br><h2>Mo unt afp://xxx.xxx.xxx.xxx/{$_GET['sharename']}</h2>";
} else {
echo "<br><h2>Fa iled creating share!</h2>";
}
} else {

echo "<form action='test.ph p'>";
echo "<table>";
echo "<td>Name of share:</td><td><input type='text'
name='sharename '></td>";
echo "</table></form>";
}

?>
</body>
</html>
Oct 18 '06 #2
Well, first i don't think it is a good idea to have the python script
tu su to root, but for it to work, i think (Totally unsure about that)
www has to be in group wheel to be able to su.

Maybe sudo can help here.
Oct 18 '06 #3
Sudo is probably the best solution here, since in the file sudo.conf
you could restrict the www user only to the python script that requires
it.

Also, using either sudo or the setuid flag would remove the need of
pexpect since all the commands will be run as the designated user.

for setuid flag:
chmod u+s pythonScript.py
chown root pythonScript.py

for the sudo solution, add an entry to /etc/sudo.conf or /etc/sudoers ,
depending on distro:
the syntax for a line in sudo.conf is:
user hostlist = (userlist) commandlist

so you might want to add:
www localhost = NOPASSWD: /var/www/htdocs/pythonScript.py

note:
Replace the /var/www/htdocs/pythonScript.py with the path to where
your script is
the NOPASSWD: is a flag that tells sudo that no password is
required

Lee Harr wrote:
Well, first i don't think it is a good idea to have the python script
tu su to root, but for it to work, i think (Totally unsure about that)
www has to be in group wheel to be able to su.


Maybe sudo can help here.
Oct 18 '06 #4
Since it wont require pyexpect, and based on the operations you
accomplish with your python script, maybe that a bash script instead of
a python one might be the best tool for the job you're trying to
accomplish.
martdi wrote:
Sudo is probably the best solution here, since in the file sudo.conf
you could restrict the www user only to the python script that requires
it.

Also, using either sudo or the setuid flag would remove the need of
pexpect since all the commands will be run as the designated user.

for setuid flag:
chmod u+s pythonScript.py
chown root pythonScript.py

for the sudo solution, add an entry to /etc/sudo.conf or /etc/sudoers ,
depending on distro:
the syntax for a line in sudo.conf is:
user hostlist = (userlist) commandlist

so you might want to add:
www localhost = NOPASSWD: /var/www/htdocs/pythonScript.py

note:
Replace the /var/www/htdocs/pythonScript.py with the path to where
your script is
the NOPASSWD: is a flag that tells sudo that no password is
required

Lee Harr wrote:
Well, first i don't think it is a good idea to have the python script
tu su to root, but for it to work, i think (Totally unsure about that)
www has to be in group wheel to be able to su.

Maybe sudo can help here.
Oct 18 '06 #5
Thank you both for your help. I don't know why I didn't think of that
before. I had the expect mindset, and was determined to get it working
that way.

I added an entry for sudo for the script and it works without a hitch.
I'm still curious to know what was going on to disallow the
authentication in pexpect. I had added 'www' to user 'admin', and
could su to root from the command line, so I don't think that was it.
Maybe it was a timing error, ie pexpect fired off the password too soon
or too late, or something in the apache environment that just
disallowed becoming root for security reasons.

Problem solved.

~Sean

martdi wrote:
Since it wont require pyexpect, and based on the operations you
accomplish with your python script, maybe that a bash script instead of
a python one might be the best tool for the job you're trying to
accomplish.
martdi wrote:
Sudo is probably the best solution here, since in the file sudo.conf
you could restrict the www user only to the python script that requires
it.

Also, using either sudo or the setuid flag would remove the need of
pexpect since all the commands will be run as the designated user.

for setuid flag:
chmod u+s pythonScript.py
chown root pythonScript.py

for the sudo solution, add an entry to /etc/sudo.conf or /etc/sudoers ,
depending on distro:
the syntax for a line in sudo.conf is:
user hostlist = (userlist) commandlist

so you might want to add:
www localhost = NOPASSWD: /var/www/htdocs/pythonScript.py

note:
Replace the /var/www/htdocs/pythonScript.py with the path to where
your script is
the NOPASSWD: is a flag that tells sudo that no password is
required

Lee Harr wrote:
Well, first i don't think it is a good idea to have the python script
tu su to root, but for it to work, i think (Totally unsure about that)
www has to be in group wheel to be able to su.
>
>
Maybe sudo can help here.
Oct 19 '06 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
5342
by: Michael Surette | last post by:
I have been trying to automate the changing of passwords using python and pexpect. I wrote a script as a test and it works, except that it gives me an exception when it stops running: Exception exceptions.OSError: (10, 'No child processes') in <bound method spawn.__del__ of <pexpect.spawn instance at 0x403d938c>> ignored What is happening and how do I get rid of the exception?
2
2362
by: Adrian Casey | last post by:
I have a collection of tcl expect scripts which I am converting to python using the excellent pexpect module (http://pexpect.sourceforge.net/). So far I've had great success in getting all my scripts to work with various flavours of UNIX. However, OpenVMS is causing me problems. The tcl scripts work perfectly across UNIX and VMS. I'm converting them from tcl to python simply because python is more scalable and allows for better code...
5
4524
by: funkyj | last post by:
I love pexpect because it means I may never have to use expect again (I don't do any heavy expect lifting -- I just need simple tty control)! As a python advocate I find it embarassing how difficult it is do the following in python (without pexpect): - logon to a remote system using ssh - do an 'ls' and exit the remote shell - print the output from the remote shell session.
0
2163
by: dwelch91 | last post by:
I'm having a problem using pexpect with 'sudo' on Ubuntu 6.06 (Dapper). Here's the program: #!/usr/bin/env python import pexpect import sys child = pexpect.spawn("sudo apt-get update") child.logfile = sys.stdout
1
10645
by: Kevin Erickson | last post by:
Hello, I am attempting to use pexpect in python to copy files from a server using scp; the copy works however exceptions are thrown and it exits unsuccessfully. Below is the a sample code and the error: #Begin Code import sys import pexpect
8
5871
by: asgarde | last post by:
hello, I'm new in Python and i would like to use Pexpect to execute a root command (i want to mount via a Pyhton script a drive) so that's my script for the moment : from os import * import pexpect import os
5
8630
by: crybaby | last post by:
I need to ssh into a remote machine and check if mytest.log file is there. I have setup ssh keys to handle login authentications. How do I determine if mytest.log is there by using Pexpect. What I have done so far is spawned a child for ssh. 1) Now what do I do to execute shell_cmd(ls and grep), spawn another child? 2) Can I use the same child that was spawned for ssh, if so how?
1
4768
by: Sriram Rajan | last post by:
For some reason, Using pexpect causes my output to echo twice when I connect from my MAC Darwin (10.4) to Linux (CentOS release 5 ): The program: --------------------- #!/usr/bin/python # Automatic scp to remote host # Input 1 : filename # Input 2 : destination folder # Input 3 : hostname
2
5375
by: yellowblueyellow | last post by:
Hey , I need to SSH into a server .. (10.8.42.38) using pexpect the username is 'admin' and password is 'abc123' so far i have the following code import pexpect import sys import time import os
0
8886
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
9401
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
1
9168
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
9105
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
1
6701
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
4780
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
3218
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
2632
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
2154
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.