Hi all. I try not to post until I am stuck in hole with no way out. I
fought with this for several hours, and am currently in the hole.
I'm doing a proof of concept for creating afp shares dynamically
through a web interface from a client machine. I use a bit of php to
setup a simple form, and then have the php execute my python script on
the server. The python script tries to 'su' to root to create the
share, create dirs, set perms, etc
The python script alone works fine as 'www'. I can become 'www', run
it from the command line and the share is made. But when I try to have
the web server execute it, I continually get a password failure. I'm
positive the password is correct.
Any ideas?
~Sean D
~~~~~~~~~~~test.py
#! /usr/bin/env python
import commands, os, P, pexpect
sharename = sys.argv[1]
root = "/Users/Shared"
sharepath = os.path.join(root, sharename)
password = P.P()
COMMAND_PROMPT = '[$%#]'
child = pexpect.spawn('su')
i = child.expect([pexpect.TIMEOUT, '[Pp]assword:'], timeout=1)
child.sendline(password.Decrypt(password.sean))
i = child.expect (['su: Sorry', COMMAND_PROMPT])
if i == 0:
print 'Password not accepted'
sys.exit(1)
else:
print "Making dir: %s" % sharepath
child.sendline("mkdir %s" % sharepath)
i = child.expect([pexpect.TIMEOUT, COMMAND_PROMPT] ,timeout=1)
print "Setting group to 'audio'"
child.sendline("chgrp audio %s" % sharepath)
i = child.expect([pexpect.TIMEOUT, COMMAND_PROMPT] ,timeout=1)
print "setting owner to 'audio01'"
child.sendline("chown audio01 %s" % sharepath)
i = child.expect([pexpect.TIMEOUT, COMMAND_PROMPT] ,timeout=1)
print "Opening permissions"
child.sendline("chmod 777 %s" % sharepath)
i = child.expect([pexpect.TIMEOUT, COMMAND_PROMPT] ,timeout=1)
print "sharing -a %s -s 100" % sharepath
child.sendline("sharing -a %s -s 100" % sharepath)
i = child.expect([pexpect.TIMEOUT, COMMAND_PROMPT] ,timeout=1)
sys.exit(0)
~~~~~~~~~~~test.php
<html>
<body>
<?php
if (isset($_GET['sharename'])) {
$last_line = system("/Users/Shared/test.py {$_GET['sharename']}",
$retval);
if ($retval == 0) {
echo "<br><h2>Mount afp://xxx.xxx.xxx.xxx/{$_GET['sharename']}</h2>";
} else {
echo "<br><h2>Failed creating share!</h2>";
}
} else {
echo "<form action='test.php'>";
echo "<table>";
echo "<td>Name of share:</td><td><input type='text'
name='sharename'></td>";
echo "</table></form>";
}
?>
</body>
</html> 5 2710
Well, first i don't think it is a good idea to have the python script
tu su to root, but for it to work, i think (Totally unsure about that)
www has to be in group wheel to be able to su.
An other way to make your script run as root is to set the setuid bit
on your python script to make it run as root, without using su. ha**********@gmail.com wrote:
Hi all. I try not to post until I am stuck in hole with no way out. I
fought with this for several hours, and am currently in the hole.
I'm doing a proof of concept for creating afp shares dynamically
through a web interface from a client machine. I use a bit of php to
setup a simple form, and then have the php execute my python script on
the server. The python script tries to 'su' to root to create the
share, create dirs, set perms, etc
The python script alone works fine as 'www'. I can become 'www', run
it from the command line and the share is made. But when I try to have
the web server execute it, I continually get a password failure. I'm
positive the password is correct.
Any ideas?
~Sean D
~~~~~~~~~~~test.py
#! /usr/bin/env python
import commands, os, P, pexpect
sharename = sys.argv[1]
root = "/Users/Shared"
sharepath = os.path.join(root, sharename)
password = P.P()
COMMAND_PROMPT = '[$%#]'
child = pexpect.spawn('su')
i = child.expect([pexpect.TIMEOUT, '[Pp]assword:'], timeout=1)
child.sendline(password.Decrypt(password.sean))
i = child.expect (['su: Sorry', COMMAND_PROMPT])
if i == 0:
print 'Password not accepted'
sys.exit(1)
else:
print "Making dir: %s" % sharepath
child.sendline("mkdir %s" % sharepath)
i = child.expect([pexpect.TIMEOUT, COMMAND_PROMPT] ,timeout=1)
print "Setting group to 'audio'"
child.sendline("chgrp audio %s" % sharepath)
i = child.expect([pexpect.TIMEOUT, COMMAND_PROMPT] ,timeout=1)
print "setting owner to 'audio01'"
child.sendline("chown audio01 %s" % sharepath)
i = child.expect([pexpect.TIMEOUT, COMMAND_PROMPT] ,timeout=1)
print "Opening permissions"
child.sendline("chmod 777 %s" % sharepath)
i = child.expect([pexpect.TIMEOUT, COMMAND_PROMPT] ,timeout=1)
print "sharing -a %s -s 100" % sharepath
child.sendline("sharing -a %s -s 100" % sharepath)
i = child.expect([pexpect.TIMEOUT, COMMAND_PROMPT] ,timeout=1)
sys.exit(0)
~~~~~~~~~~~test.php
<html>
<body>
<?php
if (isset($_GET['sharename'])) {
$last_line = system("/Users/Shared/test.py {$_GET['sharename']}",
$retval);
if ($retval == 0) {
echo "<br><h2>Mount afp://xxx.xxx.xxx.xxx/{$_GET['sharename']}</h2>";
} else {
echo "<br><h2>Failed creating share!</h2>";
}
} else {
echo "<form action='test.php'>";
echo "<table>";
echo "<td>Name of share:</td><td><input type='text'
name='sharename'></td>";
echo "</table></form>";
}
?>
</body>
</html>
Well, first i don't think it is a good idea to have the python script
tu su to root, but for it to work, i think (Totally unsure about that)
www has to be in group wheel to be able to su.
Maybe sudo can help here.
Sudo is probably the best solution here, since in the file sudo.conf
you could restrict the www user only to the python script that requires
it.
Also, using either sudo or the setuid flag would remove the need of
pexpect since all the commands will be run as the designated user.
for setuid flag:
chmod u+s pythonScript.py
chown root pythonScript.py
for the sudo solution, add an entry to /etc/sudo.conf or /etc/sudoers ,
depending on distro:
the syntax for a line in sudo.conf is:
user hostlist = (userlist) commandlist
so you might want to add:
www localhost = NOPASSWD: /var/www/htdocs/pythonScript.py
note:
Replace the /var/www/htdocs/pythonScript.py with the path to where
your script is
the NOPASSWD: is a flag that tells sudo that no password is
required
Lee Harr wrote:
Well, first i don't think it is a good idea to have the python script
tu su to root, but for it to work, i think (Totally unsure about that)
www has to be in group wheel to be able to su.
Maybe sudo can help here.
Since it wont require pyexpect, and based on the operations you
accomplish with your python script, maybe that a bash script instead of
a python one might be the best tool for the job you're trying to
accomplish.
martdi wrote:
Sudo is probably the best solution here, since in the file sudo.conf
you could restrict the www user only to the python script that requires
it.
Also, using either sudo or the setuid flag would remove the need of
pexpect since all the commands will be run as the designated user.
for setuid flag:
chmod u+s pythonScript.py
chown root pythonScript.py
for the sudo solution, add an entry to /etc/sudo.conf or /etc/sudoers ,
depending on distro:
the syntax for a line in sudo.conf is:
user hostlist = (userlist) commandlist
so you might want to add:
www localhost = NOPASSWD: /var/www/htdocs/pythonScript.py
note:
Replace the /var/www/htdocs/pythonScript.py with the path to where
your script is
the NOPASSWD: is a flag that tells sudo that no password is
required
Lee Harr wrote:
Well, first i don't think it is a good idea to have the python script
tu su to root, but for it to work, i think (Totally unsure about that)
www has to be in group wheel to be able to su.
Maybe sudo can help here.
Thank you both for your help. I don't know why I didn't think of that
before. I had the expect mindset, and was determined to get it working
that way.
I added an entry for sudo for the script and it works without a hitch.
I'm still curious to know what was going on to disallow the
authentication in pexpect. I had added 'www' to user 'admin', and
could su to root from the command line, so I don't think that was it.
Maybe it was a timing error, ie pexpect fired off the password too soon
or too late, or something in the apache environment that just
disallowed becoming root for security reasons.
Problem solved.
~Sean
martdi wrote:
Since it wont require pyexpect, and based on the operations you
accomplish with your python script, maybe that a bash script instead of
a python one might be the best tool for the job you're trying to
accomplish.
martdi wrote:
Sudo is probably the best solution here, since in the file sudo.conf
you could restrict the www user only to the python script that requires
it.
Also, using either sudo or the setuid flag would remove the need of
pexpect since all the commands will be run as the designated user.
for setuid flag:
chmod u+s pythonScript.py
chown root pythonScript.py
for the sudo solution, add an entry to /etc/sudo.conf or /etc/sudoers ,
depending on distro:
the syntax for a line in sudo.conf is:
user hostlist = (userlist) commandlist
so you might want to add:
www localhost = NOPASSWD: /var/www/htdocs/pythonScript.py
note:
Replace the /var/www/htdocs/pythonScript.py with the path to where
your script is
the NOPASSWD: is a flag that tells sudo that no password is
required
Lee Harr wrote:
Well, first i don't think it is a good idea to have the python script
tu su to root, but for it to work, i think (Totally unsure about that)
www has to be in group wheel to be able to su.
>
>
Maybe sudo can help here.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Michael Surette |
last post by:
I have been trying to automate the changing of passwords using python and
pexpect. I wrote a script as a test and it works, except that it gives me
an exception when it stops running:
Exception...
|
by: Adrian Casey |
last post by:
I have a collection of tcl expect scripts which I am converting to python
using the excellent pexpect module (http://pexpect.sourceforge.net/). So
far I've had great success in getting all my...
|
by: funkyj |
last post by:
I love pexpect because it means I may never have to use expect again (I
don't do any heavy expect lifting -- I just need simple tty control)!
As a python advocate I find it embarassing how...
|
by: dwelch91 |
last post by:
I'm having a problem using pexpect with 'sudo' on Ubuntu 6.06 (Dapper).
Here's the program:
#!/usr/bin/env python
import pexpect
import sys
child = pexpect.spawn("sudo apt-get update")...
|
by: Kevin Erickson |
last post by:
Hello,
I am attempting to use pexpect in python to copy files from a server
using scp; the copy works however exceptions are thrown and it exits
unsuccessfully. Below is the a sample code and...
| |
by: asgarde |
last post by:
hello,
I'm new in Python and i would like to use Pexpect to execute a root
command (i want to mount via a Pyhton script a drive)
so that's my script for the moment :
from os import *...
|
by: crybaby |
last post by:
I need to ssh into a remote machine and check if mytest.log file is
there. I have setup ssh keys to handle login authentications.
How do I determine if mytest.log is there by using Pexpect. What...
|
by: Sriram Rajan |
last post by:
For some reason, Using pexpect causes my output to echo twice when I
connect from my MAC Darwin (10.4) to Linux (CentOS release 5 ):
The program:
---------------------
#!/usr/bin/python
#...
|
by: yellowblueyellow |
last post by:
Hey , I need to SSH into a server .. (10.8.42.38) using pexpect the
username is 'admin' and password is 'abc123' so far i have the
following code
import pexpect
import sys
import time...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
| |