RE: [Zope] os.system in external method
You might want to check out the "sudo" utility, which is a very flexible way of letting users run programs as other users, in a nicely controlled fashion. http://www.courtesan.com/sudo/ It's complicated-ish, but very powerful. I'm no super-hacker, and it took me only a couple of hours (maybe an afternoon at most) to understand it sufficiently to allow one particular user to run one particular script as root, ie it's worth persevering with despite initially looking hard. Of course, there are other ways of doing the same thing, but I think this is a particularly nice one. :-) -Andy -- Andy Gimblett - Programmer - Frontier Internet Services Limited Tel: 029 20 820 044 Fax: 029 20 820 035 http://www.frontier.net.uk/ Statements made are at all times subject to Frontier's Terms and Conditions of Business, which are available upon request.
Thanks everyone for all the answers ! Maybe that's just me, but I found that chmod was not only 000 -> 777, there is a forth number which does exactly that with permissions. So I chmodded the executable 4777, and now it can be run as a normal user from zope. I guess it's a security hole, I'll have to check this further. The executable itself seems quite secure (I have the sources :-). But then what is the difference between chmod 4xxx and sudo ? Philippe
You might want to check out the "sudo" utility, which is a very flexible way of letting users run programs as other users, in a nicely controlled fashion.
http://www.courtesan.com/sudo/
It's complicated-ish, but very powerful. I'm no super-hacker, and it took me only a couple of hours (maybe an afternoon at most) to understand it sufficiently to allow one particular user to run one particular script as root, ie it's worth persevering with despite initially looking hard.
Of course, there are other ways of doing the same thing, but I think this is a particularly nice one. :-)
-Andy
participants (2)
-
Andy Gimblett -
Philippe Jadin