0

I am using ubuntu in my server.

I have two users, let them be user1 and user2

Each user have their own project folder with permissions set due to their needs. But user1 needs to run a python script which is in the other user's project folder. I use subprocess.Popen for this. The python file have required access permissions, so i do not have problem in calling that script. But log files (which have permission for user2) causes permision denied error (since they belong to other user, not the one i need to use).

So i tried to change the user with 

Popen("exit", shell=True, stdin=sp.PIPE, stdout=sp.PIPE, stderr=sp.PIPE) #exit from current user, and be root again
Popen(["sudo", "user2"], shell=True, stdin=sp.PIPE, stdout=sp.PIPE, stderr=sp.PIPE)
Popen("/usr/bin/python /some/file/directory/somefile.py param1 param2 param3", shell=True, stdin=sp.PIPE, stdout=sp.PIPE, stderr=sp.PIPE)

But second Popen fails with

su: must be run from a terminal

Is there any way to change user within python shell?

PS: Due to some reasons, i can not change the user permissions about log files. I need to find a way to switch to other user...

EDIT: I need to make some explenaiton to make things clear...

I have two different django projects running. each projects have a user, have their own user folders where each project codes and logs are kept.

Now, in some cases, i need to transfer some data from project1 to projet2. Easiest way looks to me is writing a python script that accept parameters and do relevant job [data insertion] on the second project.

So, when some certain functions are called within project1, i wish to call py script that is in the project2 project folder, so i can do my data update on the second prject.

But, since this i call Popen within project1, currnt user is user1. But my script (which in in project2) have some log files which denied me because of access permissions...

So, somehow, i need to switch from user1 to user2 so i will not have permission problem, and call my python file. Or, do find another way to do this..

Improve this question
1
  • Popen runs the command specified under a sub-process of the python process. I think that's your first misunderstanding. Commented Mar 28, 2012 at 13:19

1 Answer 1

Reset to default
1

Generally, there is no way to masquerade as another user without having root permission or knowing the second user's login details. This is by design, and no amount of python will circumvent it.

Python-ey ways of solving the problem:

  • If you have the permission, you can use os.setuid(x), (where x is a numerical userid) to change your effective user id. However, this will require your script to be run as root. Have a look at the os module documentation.

  • If you have the permission, you can also try su -c <command> instead of sudo. su -c will require you to provide the password on stdin (for which you can use the pexpect library)

Unix-ey ways of solving the problem:

  • Set the group executable permission on the script and have both users in the same group.

  • Add the setuid bit on the script so that user1 can run it effectively as user2:

    $ chmod g+s script

    This will allow group members to run the script as user2. (same could be done for 'all', but that probably wouldn't be a good idea...)

[EDIT]: Revised question

The answer is that you're being far too promiscuous. Project A and project B probably shouldn't interact by messing aground with each other's files via Popening each other's scripts. Instead, the clean solution is to have a web interface on project A that gives you the functionality that you need and call it from project B. That way, if in the future you want to move A on a different host, it's not a problem.

If you insist, you might be able to trick sudo (if you have permission) by running it inside a shell instead. for example, have a script:

#!/bin/sh
sudo my/problematic/script.sh

And then chmod it +x and execute it from python. This will get around the problem with not being able to run sudo outside a terminal.

Improve this answer
Sign up to request clarification or add additional context in comments.

9 Comments

I will add that, if proper permission is grant among both users, a convenient way to do so programatically is to have the other user's ssh public key in the authorized_keys file, and call the other script via ssh.
Neither user1 nor user2 have permisson to do that. So i have to be root first...
@jsbueno Not a bad idea actually. We use this at work quite a bit.
@FallenAngel: precisely. This is the nix security model.
@brice using os.setgid(x) may prevent to making any changes on target file permissions as you said.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.