Home/ Questions/Q 6669515
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T03:09:32+00:00

I have a quick one off task in a python script that I’d like

  • 0

I have a quick one off task in a python script that I’d like to call from Django (www user), that’s going to need to root privileges.

At first I thought I would could use Python’s os.seteuid() and set the setuid bit on the script, but then I realized that I would have to set the setuid bit on Python itself, which I assume is big no no. From what I can tell, this would also be the case if using sudo, which I really would like to avoid.

At this point, I’m considering just writing a C wrapper the uses seteuid and calls my python script as root, passing the necessary arguments to it.

Is this the correct thing to do or should I be looking at something else?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    sudo does not require setuid bit on Python. You can enable sudo for one command only, no arguments:

     www          ALL=(ALL)       NOPASSWD:  /root/bin/reload-stuff.py ""

    This would be secure if your script does not take any arguments, cannot be overridden by www user, and sudo does “env_reset” (the default in most distros).

    You can accept arguments, but be very careful with them — do not take output filenames, make sure you verify all inputs. In this case, remove “” from the end of sudo line.

    • 0