I need a way to execute the os.system() module as different UIDs. It would need to behave similar to the following BASH code (note these are not the exact commands I am executing):
su user1
ls ~
mv file1
su user2
ls ~
mv file1
The target platform is GNU Linux Generic.
Of course I could just pass these to the os.system module, but how to send the password? Of course I could run the script as root, but that’s sloppy and insecure.
Preferably I would like to do this without requiring any passwords to be in plain text.
The function you’re looking for is called os.seteuid. I’m afraid you probably won’t escape executing the script as root, in any case, but I think you can use the capabilities(7) framework to ‘fence in’ the execution a little, so that it can change users–but not do any of the other things the superuser can.
Alternatively, you might be able to do this with PAM. But generally speaking, there’s no ‘neat’ way to do this, and David Cournapeau is absolutely right that it’s traditional for admin scripts to run with privileges.
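An added example, not part of the original answer: os.seteuid changes only the effective UID and leaves the saved UID as root, so this sketch instead drops privileges permanently in a forked child (supplementary groups, then GID, then UID) and checks that root cannot be regained before the command runs. The helper names `run_as` and `run_as_user` are hypothetical, and the parent is assumed to start as root or with CAP_SETUID and CAP_SETGID; `user1` and `user2` are the accounts from the question.

```python
import os
import pwd
import subprocess


def _drop_to(uid, gid, groups):
    """Build the function the child runs after fork() and before exec()."""
    def drop():
        ids = (os.getuid(), os.geteuid(), os.getgid(), os.getegid())
        if ids == (uid, uid, gid, gid):
            return                # already the target identity, nothing to drop
        os.setgroups(groups)      # 1. supplementary groups (needs CAP_SETGID)
        os.setgid(gid)            # 2. group IDs, while still privileged
        os.setuid(uid)            # 3. real, effective and saved UID, last
        if uid != 0:
            try:
                os.setuid(0)      # must fail, or the drop was not permanent
            except PermissionError:
                return
            raise RuntimeError("privileges could be regained")
    return drop


def run_as(uid, gid, argv, groups=(), home="/"):
    """Run argv (a list, no shell parsing) as uid/gid and return its stdout."""
    env = {"PATH": "/usr/bin:/bin", "HOME": home}  # do not leak root's environment
    done = subprocess.run(argv, preexec_fn=_drop_to(uid, gid, list(groups)),
                          env=env, cwd=home, capture_output=True,
                          text=True, check=True)
    return done.stdout


def run_as_user(name, argv):
    """Resolve an account name and run argv with that account's IDs and groups."""
    pw = pwd.getpwnam(name)       # KeyError if the account does not exist
    groups = os.getgrouplist(pw.pw_name, pw.pw_gid)
    return run_as(pw.pw_uid, pw.pw_gid, argv, groups, pw.pw_dir)


if __name__ == "__main__":
    # Assumed accounts from the question; the parent stays privileged and
    # only each short-lived child changes identity. No password is involved.
    for account in ("user1", "user2"):
        print(account, run_as_user(account, ["ls", "-A"]))
```

A failed drop surfaces in the parent as `subprocess.SubprocessError`, so the command never runs with the wrong identity.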