> > Passing things through sudo(1) is really the only sensible route these > days but even that can be fraught with peril. For something as simple > as, 'Write to a normally restricted area' it's probably no more secure > than an ACL (and potentially way less if you screw up the sudo > configuration). >
OK, so I'm heading towards sudo then, aiming to make sure I don't screw up the configuration. This is a home CCTV application, so I want things as secure as possible. A setgid wrapper would require the kind of skilled programming that I couldn't do myself in order to keep things at a high level of security, but sudo I can handle. There is also policykit http://live.gnome.org/PolicyKit which I mentioned in the initial post I think - not sure if this python lib can be used to do what I need though... https://fedorahosted.org/python-slip/ -- http://mail.python.org/mailman/listinfo/python-list