Re: Best way to gain root privileges

2011-02-20 Thread GSO
http://hal.freedesktop.org/docs/polkit/pkexec.1.html http://hal.freedesktop.org/docs/polkit/polkit.8.html http://www.freedesktop.org/wiki/Software/PolicyKit A python package: http://pypi.python.org/pypi?:action=searchterm=polkitsubmit=search But there is example python code here:

Re: Best way to gain root privileges

2011-02-18 Thread Ricardo Aráoz
On 17/02/2011 06:46 p.m., Steven D'Aprano wrote: On Thu, 17 Feb 2011 19:44:20 +, Katie T wrote: Running any kind of script sudo'd is a bad idea, it's very very hard (in many cases impossible) to do securely. Root permissions in general should only be used for what they're needed for and

Re: Best way to gain root privileges

2011-02-18 Thread Adam Skutt
On Feb 18, 9:04 am, Ricardo Aráoz ricar...@gmail.com wrote: I've always asked myself why can't a program be used by users of a certain group but run with the privileges of some other user, not necessarily the one that uses it, but one created specifically for the tasks the program is

Re: Best way to gain root privileges

2011-02-18 Thread GSO
On 17 February 2011 18:39, Adam Skutt ask...@gmail.com wrote: ... As Terry suggests (and I fully concur), all of these issues are best solved by having a privileged daemon (though it may not need to be root or entirely root). I think this could be done more or less with the multiprocessing

Re: Best way to gain root privileges

2011-02-18 Thread John Pinner
way to gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk v2.18.9, on RHEL6.) To which I would say, redesign the app so that you do not need root privileges. There has been plentiful advice in this thread already, but I would add: Now that you've said what the requirement is, why

Re: Best way to gain root privileges

2011-02-18 Thread Alexander Kapps
On 18.02.2011 15:22, Adam Skutt wrote: On Feb 18, 9:04 am, Ricardo Aráozricar...@gmail.com wrote: Many a time I have wanted to allow access to certain privileges to a user but *only* through a program. As far as security is concerned it would be enough that only root has permission to give

Re: Best way to gain root privileges

2011-02-18 Thread Alexander Kapps
On 18.02.2011 15:42, GSO wrote: I note that policykit was created by redhat, and that RHEL6 does not include gksudo in with its gnome for some odd reason. Don't know if this helps you, but at least for CentOS 5.4, gksudo is available in the gksu package from rpmforge. --

Re: Best way to gain root privileges

2011-02-18 Thread GSO
On 18 February 2011 20:21, Alexander Kapps alex.ka...@web.de wrote: ... IIUC, than SELinux can also help, since it allows program-specific permissions. But I could easily be wrong here since I have yet to really learn SElinux. Who has, LOL! If you could post a (very very) quick 'I don't have

Re: Best way to gain root privileges

2011-02-18 Thread GSO
On 18 February 2011 20:23, Alexander Kapps alex.ka...@web.de wrote: ... Don't know if this helps you, but at least for CentOS 5.4, gksudo is available in the gksu package from rpmforge. It looks as though policykit includes similar functionality, namely the command pkexec replaces gksudo:

Re: Best way to gain root privileges

2011-02-17 Thread Adam Skutt
On Thu, Feb 17, 2011 at 2:12 AM, Dan Stromberg drsali...@gmail.com wrote: On Wed, Feb 16, 2011 at 6:59 PM, Adam Skutt ask...@gmail.com wrote: On Feb 16, 9:00 pm, Dan Stromberg drsali...@gmail.com wrote: So yeah, whether you use perl or anything else invoked with #!, you're pretty much better

Re: Best way to gain root privileges

2011-02-17 Thread Adam Skutt
On Feb 16, 10:43 pm, GSO gso...@yahoo.co.uk wrote: OK, so I'm heading towards sudo then, aiming to make sure I don't screw up the configuration.  This is a home CCTV application, so I want things as secure as possible.  A setgid wrapper would require the kind of skilled programming that I

Re: Best way to gain root privileges

2011-02-17 Thread GSO
I'm having a awfully hard time figuring out why a home CCTV application might need privilege at all.  Are you sure you really need privilege?  It sounds to me like there may be some larger design issues mandating the need for privilege when it's not really necessary. A user login should

Re: Best way to gain root privileges

2011-02-17 Thread Terry Reedy
On 2/17/2011 10:32 AM, GSO wrote: I'm having a awfully hard time figuring out why a home CCTV application might need privilege at all. Are you sure you really need privilege? It sounds to me like there may be some larger design issues mandating the need for privilege when it's not really

Re: Best way to gain root privileges

2011-02-17 Thread Adam Skutt
On Feb 17, 10:32 am, GSO gso...@yahoo.co.uk wrote: I'm having a awfully hard time figuring out why a home CCTV application might need privilege at all.  Are you sure you really need privilege?  It sounds to me like there may be some larger design issues mandating the need for privilege

Re: Best way to gain root privileges

2011-02-17 Thread Katie T
On Wed, Feb 16, 2011 at 9:26 PM, GSO gso...@yahoo.co.uk wrote: I'm sure this question is as old as time, but what is the best way to gain root privileges?  (Am using Python 2.6.5, pygtk2 v2.16, Gtk v2.18.9, on RHEL6.) Running any kind of script sudo'd is a bad idea, it's very very hard

Re: Best way to gain root privileges

2011-02-17 Thread Terry Reedy
On 2/17/2011 1:39 PM, Adam Skutt wrote: On Feb 17, 10:32 am, GSOgso...@yahoo.co.uk wrote: I'm having a awfully hard time figuring out why a home CCTV application might need privilege at all. Are you sure you really need privilege? It sounds to me like there may be some larger design issues

Re: Best way to gain root privileges

2011-02-17 Thread Steven D'Aprano
On Thu, 17 Feb 2011 19:44:20 +, Katie T wrote: Running any kind of script sudo'd is a bad idea, it's very very hard (in many cases impossible) to do securely. Root permissions in general should only be used for what they're needed for and nothing else (that means getting the permission,

Best way to gain root privileges

2011-02-17 Thread GSO
Could restarts and cleanups be done with a root daemon separate from user scripts? I like the idea of a user creating a login as you do typically with client/server progs, no need to have the root password all the time: http://www.python.org/dev/peps/pep-3143/

Re: Best way to gain root privileges

2011-02-17 Thread GSO
Come to think of it, I would first consider creating a 'cctv' user that owns the cameras and storage directories, and files and only do anything as root if absolutely necessary. You can run 'sudo -g [group] ...', so no need to go near root. Running any kind of script sudo'd is a bad idea,

Best way to gain root privileges

2011-02-16 Thread GSO
I'm sure this question is as old as time, but what is the best way to gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk v2.18.9, on RHEL6.) Ta, G. gmotion PyGTK desktop GUI for Motion (software motion detector) http://code.google.com/p/gmotion/ -- http://mail.python.org/mailman

Re: Best way to gain root privileges

2011-02-16 Thread Daniel Mahoney
On Wed, 16 Feb 2011 21:26:26 +, GSO wrote: I'm sure this question is as old as time, but what is the best way to gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk v2.18.9, on RHEL6.) Gain root privileges for a script? Write a c wrapper to call the script, chown

Re: Best way to gain root privileges

2011-02-16 Thread Steven D'Aprano
On Wed, 16 Feb 2011 15:29:53 -0600, Daniel Mahoney wrote: On Wed, 16 Feb 2011 21:26:26 +, GSO wrote: I'm sure this question is as old as time, but what is the best way to gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk v2.18.9, on RHEL6.) Gain root privileges

Re: Best way to gain root privileges

2011-02-16 Thread Ian Kelly
On Wed, Feb 16, 2011 at 2:29 PM, Daniel Mahoney catd...@gmail.com wrote: On Wed, 16 Feb 2011 21:26:26 +, GSO wrote: I'm sure this question is as old as time, but what is the best way to gain root privileges?  (Am using Python 2.6.5, pygtk2 v2.16, Gtk v2.18.9, on RHEL6.) Gain root

Re: Best way to gain root privileges

2011-02-16 Thread Alister Ware
On Wed, 16 Feb 2011 21:26:26 +, GSO wrote: I'm sure this question is as old as time, but what is the best way to gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk v2.18.9, on RHEL6.) Ta, G. gmotion PyGTK desktop GUI for Motion (software motion detector) http

Re: Best way to gain root privileges

2011-02-16 Thread Alexander Kapps
On 16.02.2011 23:02, Ian Kelly wrote: On Wed, Feb 16, 2011 at 2:29 PM, Daniel Mahoneycatd...@gmail.com wrote: On Wed, 16 Feb 2011 21:26:26 +, GSO wrote: I'm sure this question is as old as time, but what is the best way to gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk

Re: Best way to gain root privileges

2011-02-16 Thread Emile van Sebille
On 2/16/2011 1:26 PM GSO said... I'm sure this question is as old as time, but what is the best way to gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk v2.18.9, on RHEL6.) have root's password? Emile -- http://mail.python.org/mailman/listinfo/python-list

Re: Best way to gain root privileges

2011-02-16 Thread GSO
tomes. G. On 16 February 2011 22:45, Emile van Sebille em...@fenx.com wrote: On 2/16/2011 1:26 PM GSO said... I'm sure this question is as old as time, but what is the best way to gain root privileges?  (Am using Python 2.6.5, pygtk2 v2.16, Gtk v2.18.9, on RHEL6.) have root's password

Re: Best way to gain root privileges

2011-02-16 Thread Alexander Kapps
On 17.02.2011 01:00, GSO wrote: OK, thanks for the tips. gksu* does not seem to be included with RHEL6 Desktop (though there is a package called beesu) On RHEL try consolehelper/userhelper instead which need additional configuration. The philosophy at the end of the day I think is do your

Best way to gain root privileges

2011-02-16 Thread GSO
Apols for being a nuisance.  I'm normally if anything a web programmer. It looks like there are set-id functions in the os module.  Further I don't actually need root privileges, just write access to a directory that a user ordinarily does not have write access to (and preferably not read).  So a

Re: Best way to gain root privileges

2011-02-16 Thread Dan Stromberg
On Wed, Feb 16, 2011 at 4:47 PM, Alexander Kapps alex.ka...@web.de wrote: On 17.02.2011 01:00, GSO wrote: Having said that I'm possibly arriving at the conclusion that a quick perl script might be the simplest/easiest and most secure option - I read perl includes code to safely run suid perl

Re: Best way to gain root privileges

2011-02-16 Thread GSO
pretty much better off with sudo, or a tiny C wrapper that's so simple it's hard to get wrong.  However, perl's taint feature would be useful This snippet is about as tiny as it gets in C I think: #include unistd.h int main (int argc, char ** argv) { int err; char *newenv[] = { NULL }; if

Re: Best way to gain root privileges

2011-02-16 Thread Adam Skutt
On Feb 16, 8:40 pm, GSO gso...@yahoo.co.uk wrote: Apols for being a nuisance.  I'm normally if anything a web programmer. It looks like there are set-id functions in the os module.  Further I don't actually need root privileges, just write access to a directory that a user ordinarily does not

Re: Best way to gain root privileges

2011-02-16 Thread Adam Skutt
On Feb 16, 9:00 pm, Dan Stromberg drsali...@gmail.com wrote: So yeah, whether you use perl or anything else invoked with #!, you're pretty much better off with sudo, or a tiny C wrapper that's so simple it's hard to get wrong. UNIX makes this almost impossible unless your wrapper is

Re: Best way to gain root privileges

2011-02-16 Thread Nobody
On Thu, 17 Feb 2011 01:47:10 +0100, Alexander Kapps wrote: Having said that I'm possibly arriving at the conclusion that a quick perl script might be the simplest/easiest and most secure option - I read perl includes code to safely run suid perl scripts - will dig out my perl tomes. Not

Re: Best way to gain root privileges

2011-02-16 Thread GSO
Passing things through sudo(1) is really the only sensible route these days but even that can be fraught with peril.  For something as simple as, 'Write to a normally restricted area' it's probably no more secure than an ACL (and potentially way less if you screw up the sudo configuration).

Re: Best way to gain root privileges

2011-02-16 Thread GSO
I essentially don't want to take a risk with a home CCTV prog., so unless I can persuade a highly skilled Unix programmer to write a wrapper (which I can't), then I think I'm best sticking with sudo. -- http://mail.python.org/mailman/listinfo/python-list

Re: Best way to gain root privileges

2011-02-16 Thread Dan Stromberg
On Wed, Feb 16, 2011 at 6:10 PM, GSO gso...@yahoo.co.uk wrote: pretty much better off with sudo, or a tiny C wrapper that's so simple it's hard to get wrong.  However, perl's taint feature would be useful This snippet is about as tiny as it gets in C I think: Well, it could be tinier really,

Re: Best way to gain root privileges

2011-02-16 Thread Dan Stromberg
On Wed, Feb 16, 2011 at 6:59 PM, Adam Skutt ask...@gmail.com wrote: On Feb 16, 9:00 pm, Dan Stromberg drsali...@gmail.com wrote: So yeah, whether you use perl or anything else invoked with #!, you're pretty much better off with sudo, or a tiny C wrapper that's so simple it's hard to get wrong.