Running python script as another user

Question

On a Linux box I want to run a Python script as another user.

I\'ve already made a wrapper program in C++ that calls the script, since I\'ve realized that the owners

Answer 1

Use the command sudo.

In order to run a program as a user, the system must "authenticate" that user.

Obviously, root can run any program as any user, and any user can su to another user with a password.

The program sudo can be configured to allow a group of users to sudo a particular command as a particular user.

For example, you could create a group scriptUsers and a user scriptRun. Then, configure sudo to let any user in scriptUsers become scriptRun ONLY to run your script.

Answer 2

Give those users the ability to sudo su $dedicated_username and tailor the permissions on your system so that $dedicated_user has sufficient, but not excessive, access.

Answer 3

You can set the user with os.setuid(), and you can get the uid with pwd. Like so:

>>> import pwd, os
>>> uid = pwd.getpwnam('root')[2]
>>> os.setuid(uid)

Obviously this only works if the user or executable has the permission to do so. Exactly how to set that up I don't know. Obviously it works if you are root. I think you may need to the the setuid flag on the Python executable, and that would leave a WHOPPING security hole. possible that's permittable if the user you setuid too is a dedicated restricted user that can't do anything except whatever you need to do.

Unix security, based on users and setuiding and stuff, is not very good or practical, and it's easy to leave big security holes. A more secure option is actually to do this client-server typish, so you have a demon that does everything, and the client talks to it. The demon can then run with a higher security than the users, but the users would have to give a name and password when they run the script, or identify themselves with some public/private key or somesuch.