The script create some files in directories which need sudo permissions and executes few command that also need sudo privillage.
I want to execute that script giving sudo privillage.
Is there any way to do that ?
I am trying to execute it with python-shell module as well as spawn child process.
I never got any answer on it, So I researched it on my own. The besy way to run any shell command or script is by using node-cmd moudle. It works soo bright .
Just run the node script with sudo privillege, and you are good to go .
It's bad practice to give sudo, as a hacker could do anything if there is any security issues. You could give the user witch runs the web server the permission to do the task your task is intending to do.
In general try to avoid root whenever you can.
Related
I have to call some shell command in my python script as root and I do not want to run the entire python script as root. I can of course prefix those command with sudo in Popen, however it does not really show what commands ask for sudo. Also I heard the recommanded way to do such things are through polkit. We were using pkexec. However, there were nasty bugs resulting security holes. And the pkexec seems on the brink of deprecation.
I knew we could somehow wrap the commands into some our own dbus service. Then run our script as dbus client. However, this solution is rather annoying and I do not know much about dbus. I wonder if there is a way to just call shell command as root without creating our own dbus/systemd service. Is there already some dbus service allow us run shell command?
If someone can give me an example similar to this but also call commands like echo test > /root/test.txt, we will be highly appreciated.
So, on a Raspberry Pi I'm using a camera app with a web interface, I wanted to add LED lighting by adding a neopixel. I have successfully done this and can now turn it on and off running two python scripts.
Explanation and question:
I have a python script in /usr/local/bin that is executable.
It is owned by 'root root'.
I have a shell script in /var/www/html/macros that is executable and has to run the python script in /usr/local/bin.
The shell script is owned by 'www-data'
When I manually run the python file, it executes the script.
When I manually run the shell script, it executes the python script.
When I run the shell script by clicking on a button on my webpage, it seems to execute the shell script correctly, however, it looks like it doesn't execute the python script.
What can I do to fix this?
I'm not that experienced with permissions, but I wanted to emphasize on the fact that this is a closed system that does not contain any sensitive information. So safety/best practice is not a concern. I just want to make this work.
I'm not an expert in this area, but I believe to access /usr/local/bin/ you need root privileges which explains why you're having success but not Apache.
Rather than give Apache root permissions, it's best to simply remove the requirement from the individual file you want to execute. This can be accomplished by
$ cd /usr/local/bin
$ sudo chmod 777 your_script.py
Now, after 11 hours and a group of people thinking along we found a solution to the problem.
The problem turned out to be that the Web interface can only execute as 'www-data', and the NeoPixel library that the python script depends on needs to be executed as sudo/root.
These two factors make it so that there will never be a direct way of getting the scripts to work together.
However, the idea emerged to use some sort of pipe.
A brilliant user suggested to me to use sshpass. This would allow to pass data to ssh and have it essentially be executed as a root user.
The data from the web interface would be relayed to the sshpass and this would successfully run the needed scripts with the needed privileges.
Special thanks to Minty Trebor and Falcounet from the RRF for LPC/STM Discord!
I'm working on a GUI applications which calls two system commands respectively.
Those two commands require root permissions to be executed.
The first approach I made, is to call gksu <command_1>, then gksu <command_2>.
This works fine but the user must enter his password twice respectively, and I believe this is not good idea from a UX perspective.
I tried to call gksu with the first command and sudo with the second, but I get this error:
sudo: no tty present and no askpass program specified
So I tried to separate those command in a python file and call a command from the original file that looks like gksu python3 commands.py.
I'm not sure whether this would be executed after I release a compiled version of the whole project, as I intend to use pyinstaller --onefile on it !
So, what I need exactly is to make the app be able to run a specific script with super user privileges considering the final state of the app which would be an executable-binary file and that doesn't include running the whole app with root permissions .
Thanks to Itz Wam, His answer guided me to the correct solution which is Using pkexec instead of gksu like this:
pkexec bash -c "command_1;command_2"
You could execute this :
gksu -- bash -c 'command1; command2; command3'
It will ask your password one time and execute the 3 commands as root
Source : https://askubuntu.com/questions/183608/gksudo-2-commands-with-one-pw-entry
I am trying to run a Python script called probemon.py in cron (crontab -e) and cannot get it to work. The path to the file is /home/pi/probemon.py and this must be run with the sudo command usually (i.e. sudo python probemon.py). I have tried many methods, including:
52 23 * * * sudo python /home/pi/probemon/probemon.py
and yet nothing works. Any ideas about how to do this?
Try adding the command to the sudo-users crontab instead of trying to run it with a sudo from a normal users crontab. I think what happends is that "sudo ..." will ask for the sudo-password, and wait in this stage forever, since noone is providing one.
I'm writing a Python script that will run on a Raspberry that will read the temperature from a sensor and log to Thingspeak. I have this working with a bash script but wan't to do it with Python since it will be easier to manipulate and check the read values. The sensor reading is done with a library called loldht. I was trying to do it like this:
from subprocess import STDOUT, check_output
output = check_output("/home/pi/bin/lol_dht22/loldht", timeout=10)
The problem is that I have to run the library with sudo to be able to access the pins. I will run the script as a cron. Is it possible to run this with sudo?
Or could I create a bash script that executes 'sudo loldht' and then run the bash script from python?
I will run the script as a cron. Is it possible to run this with sudo?
You can put python script.py in the cron of a user with sufficient privileges (e.g. root or a user with permissions to files and devices in question)
I don't know which OS you're using, but if Raspbian is close to Debian, there is no need for sudo or root, just use a user with sufficient permissions.
It seems I can also do this check_output check_output(["sudo", "/home/pi/bin/lol_dht22/loldht", "7"], timeout=10)
Sure but the unix user that's going to invoke that Python script will need the sudo privilege (Otherwise can't call the sudo from subprocess). In which case you might as well do as above, run the cron from a user with the required permissions.
You can run sudo commands with cron. Just use sudo crontab -e to set the cron and it should work fine.
You should very careful with running things as root. Since root has access to everything, a simple error can potentially render the system unusable.
The proper way to have access to the hardware as a normal user is to change the permissions on the required device files.
It seems that the utility you mention uses the WiringPi library. Some digging in the source code indicates that it uses the /dev/gpiomem (or /dev/mem) devices.
On raspbian, device permissions are set with udev. See here and also here.
You could give every user access to /dev/gpiomem and other gpio devices by creating a file e.g. /etc/udev/rules.d/local.rules and putting the following text in it:
ACTION=="add", KERNEL=="gpio*", MODE="0666"
ACTION=="add", KERNEL=="i2c-[0-9]*", MODE="0666"
The first line makes the gpio devices available, the second one I2C devices.