Run a linux system command as a superuser, using a python script

问题

I have got postfix installed on my machine and I am updating virtual_alias on the fly programmatically(using python)(on some action). Once I update the entry in the /etc/postfix/virtual_alias, I am running the command:

sudo /usr/sbin/postmap /etc/postfix/virtual_alias 2>>/work/postfix_valias_errorfile

But I am getting the error:

sudo: sorry, you must have a tty to run sudo

I want to run the mentioned sudo command in a non-human way(meaning, I am running this system command from a python script.). So how do I get this command run programmatically?

回答1:

You can either run your python script as root itself - then you won't need to add privilege to reload postfix.

Or you can configure sudo to not need a password for /etc/init.d/postfix.

sudo configuration (via visudo) allows NOPASSWD: to allow the command without a password. See http://www.sudo.ws/sudo/man/sudoers.html#nopasswd_and_passwd

<username>  ALL = NOPASSWD: /etc/init.d/postfix

or something similar.

回答2:

#include <unistd.h>
#include <stdlib.h>

// gcc -o reload_postfix reload_postfix.c
// chown root reload_postfix
// chmod +s reload_postfix

int main( int argc, char **argv ) {
    setuid( geteuid() );
    system("/etc/init.d/postifx reload");
}

Wrap your command in setuid-ed program. This will let any user restart postfix. You can of course further restrict the execute permission to certain groups.

回答3:

To answer the error:"sudo: sorry, you must have a tty to run sudo", we have a setting called "Defaults requiretty" in sudoers file. I tried commenting it out and it worked :D.

回答4:

import os
os.popen("sudo -S /etc/init.d/postifx reload", 'w').write("yourpassword")

This of course is almost always not a good idea as the password is in plain text.

回答5:

if you're gonna do this in python you should just do the following:

write this command before the line that you call the shell command

os.setuid(os.geteuid())

then, you call the shell command without "sudo" prefix

回答6:

See StackLick

You need to grant a user to run sudo command without password.

来源：https://stackoverflow.com/questions/583216/run-a-linux-system-command-as-a-superuser-using-a-python-script