14π
sudo does not require setuid bit on Python. You can enable sudo for one command only, no arguments:
www ALL=(ALL) NOPASSWD: /root/bin/reload-stuff.py ""
This would be secure if your script does not take any arguments, cannot be overridden by www user, and sudo does βenv_resetβ (the default in most distros).
You can accept arguments, but be very careful with them β do not take output filenames, make sure you verify all inputs. In this case, remove ββ from the end of sudo line.
3π
The correct thing is called privilege separation: clearly identify minimal set of tasks which have to be done on elevated privileges. Write a separate daemon and an as much limited as possible way of communicating the task to do. Run this daemon as another user with elevated privileges. A bit more work, but also more secure.
EDIT: using a setuid-able wrapper will also satisfy the concept of privilege separation, although I recommend having the web server chrooted and mounting the chrooted file system nosuid (which would defeat that).
- How do I force Django to connect to Oracle using Service Name
- Django tests complain of missing tables
- Django crontab not executing test function
1π
sudo
allows you to limit arguments passed to the program. From man sudoers
:
john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
On the ALPHA machines, user john may su to anyone except root but
he is not allowed to specify any options to the su(1) command.
So use sudo. Of course you need to be extra careful with root access β make sure only root can modify the script itself and any parent directories, and that the script is safe and only does the absolute minimum that needs to be run as root.
- Django Rest Framework β AssertionError Fix your URL conf, or set the `.lookup_field` attribute on the view correctly
- Django channels and socket.io-client