{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 老娘就宠你 的问题《How do I sudo the current process?》','https://www.manongdao.com/q-346242.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Is it possible to use a sudo frontend (like gksudo) to elevate the privileges of the current process? I know I can do the following:
sudo cat /etc/passwd-
But I'm interested in doing this:
sudo-become-root # magic function/command
cat /etc/passwd-
I'm writing in Python. My usecase is that I have a program that runs as the user, but may encounter files to read/write that are root-owned. I'd like to prompt for password, gain root privileges, do what I need, and then optionally drop privileges again.
I know I could separate admin logic and non-admin logic into separate processes, and then just run the admin process as root (with some communication -- policykit/dbus would be a good fit here). But I was hoping for a much simpler (though admittedly more risky) solution.
I'm thinking something like running Solaris's ppriv through sudo to then modify the current process's privileges. Which seems like a hacky-but-workable roundtrip. But as far as I know, linux doesn't offer ppriv.
(I'm surprised this isn't obvious already; it seems like a not-uncommon thing to want and doesn't seem to be a security hole to allow escalation in-process over escalation of a new process.)
I wonder if this would work:
Add another group to your system, install the script as a root program and have the sudoers file contain a line that allows the script to be executed by this group. Finally add the group to the list of accounts that need to run the script.
Then the script can only be run by root or any account that has the special group in the group set after supplying the account password at the start.
See Sudo Manual for other options.
Your magic function/command could be
Aptitude has a "become root" option. You may wish to see what the author did there.
The output is:
Unfortunately, I'm not aware of a way to do what you want to do cleanly. I think your best bet is to make the program setuid (or run it under sudo) and then either do your dirty work and drop permissions, or fork() and drop permissions from one process and keep the other one around to do your root work.
What you're looking for are the setuid(2) / setreuid(2) / setregid(2) / setgroups(2) calls, but they are all hard wired to not allow you to gain privileges mid-invocation. You can only use them to "give away" privileges, as far as I know.
If you want to deal cleanly with administrative rights inside a program, you might want to use PolicyKit rather than sudo, depending on the OS you plan to run your program on.
For PolicyKit for Python, see python-slip.
Otherwise, there are two ways to call sudo to become root:
will make you root and keep your current environment (equivalent to
sudo su)will make you root and give you root's environment, too (equivalent to
sudo su -)Another way of dealing with the problem is to consider that you have the rights you need, and let the user of the program choose how to give the rights to your program (using sudo/setuid/unix groups/whatever else).
See also this question on ServerFault on the same subject.