http://hal.freedesktop.org/docs/polkit/pkexec.1.html
http://hal.freedesktop.org/docs/polkit/polkit.8.html
http://www.freedesktop.org/wiki/Software/PolicyKit
A python package:
http://pypi.python.org/pypi?:action=searchterm=polkitsubmit=search
But there is example python code here:
On 17/02/2011 06:46 p.m., Steven D'Aprano wrote:
On Thu, 17 Feb 2011 19:44:20 +, Katie T wrote:
Running any kind of script sudo'd is a bad idea, it's very very hard (in
many cases impossible) to do securely. Root permissions in general
should only be used for what they're needed for and
On Feb 18, 9:04 am, Ricardo Aráoz ricar...@gmail.com wrote:
I've always asked myself why can't a program be used by users of a
certain group but run with the privileges of some other user, not
necessarily the one that uses it, but one created specifically for the
tasks the program is
On 17 February 2011 18:39, Adam Skutt ask...@gmail.com wrote:
...
As Terry suggests (and I fully concur), all of these issues are best
solved by having a privileged daemon (though it may not need to be
root or entirely root).
I think this could be done more or less with the multiprocessing
way to
gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk
v2.18.9, on RHEL6.)
To which I would say, redesign the app so that you do not need root
privileges. There has been plentiful advice in this thread already,
but I would add:
Now that you've said what the requirement is, why
On 18.02.2011 15:22, Adam Skutt wrote:
On Feb 18, 9:04 am, Ricardo Aráozricar...@gmail.com wrote:
Many a time I have wanted to allow access to certain privileges to a user but
*only*
through a program. As far as security is concerned it would be enough
that only root has permission to give
On 18.02.2011 15:42, GSO wrote:
I note that policykit was created by redhat, and that RHEL6 does not
include gksudo in with its gnome for some odd reason.
Don't know if this helps you, but at least for CentOS 5.4, gksudo is
available in the gksu package from rpmforge.
--
On 18 February 2011 20:21, Alexander Kapps alex.ka...@web.de wrote:
...
IIUC, than SELinux can also help, since it allows program-specific
permissions. But I could easily be wrong here since I have yet to really
learn SElinux.
Who has, LOL! If you could post a (very very) quick 'I don't have
On 18 February 2011 20:23, Alexander Kapps alex.ka...@web.de wrote:
...
Don't know if this helps you, but at least for CentOS 5.4, gksudo is
available in the gksu package from rpmforge.
It looks as though policykit includes similar functionality, namely
the command pkexec replaces gksudo:
On Thu, Feb 17, 2011 at 2:12 AM, Dan Stromberg drsali...@gmail.com wrote:
On Wed, Feb 16, 2011 at 6:59 PM, Adam Skutt ask...@gmail.com wrote:
On Feb 16, 9:00 pm, Dan Stromberg drsali...@gmail.com wrote:
So yeah, whether you use perl or anything else invoked with #!, you're
pretty much better
On Feb 16, 10:43 pm, GSO gso...@yahoo.co.uk wrote:
OK, so I'm heading towards sudo then, aiming to make sure I don't
screw up the configuration. This is a home CCTV application, so I
want things as secure as possible. A setgid wrapper would require the
kind of skilled programming that I
I'm having a awfully hard time figuring out why a home CCTV
application might need privilege at all. Are you sure you really need
privilege? It sounds to me like there may be some larger design
issues mandating the need for privilege when it's not really
necessary.
A user login should
On 2/17/2011 10:32 AM, GSO wrote:
I'm having a awfully hard time figuring out why a home CCTV
application might need privilege at all. Are you sure you really need
privilege? It sounds to me like there may be some larger design
issues mandating the need for privilege when it's not really
On Feb 17, 10:32 am, GSO gso...@yahoo.co.uk wrote:
I'm having a awfully hard time figuring out why a home CCTV
application might need privilege at all. Are you sure you really need
privilege? It sounds to me like there may be some larger design
issues mandating the need for privilege
On Wed, Feb 16, 2011 at 9:26 PM, GSO gso...@yahoo.co.uk wrote:
I'm sure this question is as old as time, but what is the best way to
gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk
v2.18.9, on RHEL6.)
Running any kind of script sudo'd is a bad idea, it's very very hard
On 2/17/2011 1:39 PM, Adam Skutt wrote:
On Feb 17, 10:32 am, GSOgso...@yahoo.co.uk wrote:
I'm having a awfully hard time figuring out why a home CCTV
application might need privilege at all. Are you sure you really need
privilege? It sounds to me like there may be some larger design
issues
On Thu, 17 Feb 2011 19:44:20 +, Katie T wrote:
Running any kind of script sudo'd is a bad idea, it's very very hard (in
many cases impossible) to do securely. Root permissions in general
should only be used for what they're needed for and nothing else (that
means getting the permission,
Could restarts and cleanups be done with a root daemon separate from user
scripts?
I like the idea of a user creating a login as you do typically with
client/server progs, no need to have the root password all the time:
http://www.python.org/dev/peps/pep-3143/
Come to think of it, I would first consider creating a 'cctv' user that owns
the cameras and storage directories, and files and only do anything as root
if absolutely necessary.
You can run 'sudo -g [group] ...', so no need to go near root.
Running any kind of script sudo'd is a bad idea,
I'm sure this question is as old as time, but what is the best way to
gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk
v2.18.9, on RHEL6.)
Ta,
G.
gmotion
PyGTK desktop GUI for Motion (software motion detector)
http://code.google.com/p/gmotion/
--
http://mail.python.org/mailman
On Wed, 16 Feb 2011 21:26:26 +, GSO wrote:
I'm sure this question is as old as time, but what is the best way to
gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk
v2.18.9, on RHEL6.)
Gain root privileges for a script? Write a c wrapper to call the script,
chown
On Wed, 16 Feb 2011 15:29:53 -0600, Daniel Mahoney wrote:
On Wed, 16 Feb 2011 21:26:26 +, GSO wrote:
I'm sure this question is as old as time, but what is the best way to
gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk
v2.18.9, on RHEL6.)
Gain root privileges
On Wed, Feb 16, 2011 at 2:29 PM, Daniel Mahoney catd...@gmail.com wrote:
On Wed, 16 Feb 2011 21:26:26 +, GSO wrote:
I'm sure this question is as old as time, but what is the best way to
gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk
v2.18.9, on RHEL6.)
Gain root
On Wed, 16 Feb 2011 21:26:26 +, GSO wrote:
I'm sure this question is as old as time, but what is the best way to
gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk
v2.18.9, on RHEL6.)
Ta,
G.
gmotion
PyGTK desktop GUI for Motion (software motion detector)
http
On 16.02.2011 23:02, Ian Kelly wrote:
On Wed, Feb 16, 2011 at 2:29 PM, Daniel Mahoneycatd...@gmail.com wrote:
On Wed, 16 Feb 2011 21:26:26 +, GSO wrote:
I'm sure this question is as old as time, but what is the best way to
gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk
On 2/16/2011 1:26 PM GSO said...
I'm sure this question is as old as time, but what is the best way to
gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk
v2.18.9, on RHEL6.)
have root's password?
Emile
--
http://mail.python.org/mailman/listinfo/python-list
tomes.
G.
On 16 February 2011 22:45, Emile van Sebille em...@fenx.com wrote:
On 2/16/2011 1:26 PM GSO said...
I'm sure this question is as old as time, but what is the best way to
gain root privileges? (Am using Python 2.6.5, pygtk2 v2.16, Gtk
v2.18.9, on RHEL6.)
have root's password
On 17.02.2011 01:00, GSO wrote:
OK, thanks for the tips.
gksu* does not seem to be included with RHEL6 Desktop (though there is
a package called beesu)
On RHEL try consolehelper/userhelper instead which need additional
configuration.
The philosophy at the end of the day I think
is do your
Apols for being a nuisance. I'm normally if anything a web programmer.
It looks like there are set-id functions in the os module. Further I
don't actually need root privileges, just write access to a directory
that a user ordinarily does not have write access to (and preferably
not read). So a
On Wed, Feb 16, 2011 at 4:47 PM, Alexander Kapps alex.ka...@web.de wrote:
On 17.02.2011 01:00, GSO wrote:
Having said that I'm possibly arriving at the conclusion that a quick
perl script might be the simplest/easiest and most secure option - I
read perl includes code to safely run suid perl
pretty much better off with sudo, or a tiny C wrapper that's so simple
it's hard to get wrong. However, perl's taint feature would be useful
This snippet is about as tiny as it gets in C I think:
#include unistd.h
int main (int argc, char ** argv) {
int err;
char *newenv[] = { NULL };
if
On Feb 16, 8:40 pm, GSO gso...@yahoo.co.uk wrote:
Apols for being a nuisance. I'm normally if anything a web programmer.
It looks like there are set-id functions in the os module. Further I
don't actually need root privileges, just write access to a directory
that a user ordinarily does not
On Feb 16, 9:00 pm, Dan Stromberg drsali...@gmail.com wrote:
So yeah, whether you use perl or anything else invoked with #!, you're
pretty much better off with sudo, or a tiny C wrapper that's so simple
it's hard to get wrong.
UNIX makes this almost impossible unless your wrapper is
On Thu, 17 Feb 2011 01:47:10 +0100, Alexander Kapps wrote:
Having said that I'm possibly arriving at the conclusion that a quick
perl script might be the simplest/easiest and most secure option - I
read perl includes code to safely run suid perl scripts - will dig out
my perl tomes.
Not
Passing things through sudo(1) is really the only sensible route these
days but even that can be fraught with peril. For something as simple
as, 'Write to a normally restricted area' it's probably no more secure
than an ACL (and potentially way less if you screw up the sudo
configuration).
I essentially don't want to take a risk with a home CCTV prog., so
unless I can persuade a highly skilled Unix programmer to write a
wrapper (which I can't), then I think I'm best sticking with sudo.
--
http://mail.python.org/mailman/listinfo/python-list
On Wed, Feb 16, 2011 at 6:10 PM, GSO gso...@yahoo.co.uk wrote:
pretty much better off with sudo, or a tiny C wrapper that's so simple
it's hard to get wrong. However, perl's taint feature would be useful
This snippet is about as tiny as it gets in C I think:
Well, it could be tinier really,
On Wed, Feb 16, 2011 at 6:59 PM, Adam Skutt ask...@gmail.com wrote:
On Feb 16, 9:00 pm, Dan Stromberg drsali...@gmail.com wrote:
So yeah, whether you use perl or anything else invoked with #!, you're
pretty much better off with sudo, or a tiny C wrapper that's so simple
it's hard to get wrong.
38 matches
Mail list logo