Re: Running Python scripts under a different user
Laszlo Nagy wrote: For Windows, you can use the 'runas.exe' program. But it requires a password too. Or you can get a copy of the shareware program RunAsProfessional, which I use for my kids stupid games that necessarily has to be run by an admin. The price I paid was 10 Euro, which I still think was money well spent. IIRC you get a 30 days trial version for free. http://freedownloads.rbytes.net/cat/desktop/other3/runas-professional/ It does the same thing as RunAs, but you do not need to type the password every time you run your program. Instead the password is stored encrypted in the file you launch. I do not know what encryption is used, or how safe the encryption is. My needs are simply to make sure that my kids do not destroy anything by mistake. Sure, the stupid game may be designed to destroy, but that's another issue. /MiO -- http://mail.python.org/mailman/listinfo/python-list
Re: Running Python scripts under a different user
From what you wrote, I think that you need to change architecture. You should write your own service rather than write tricky programs. This way you can develop your own security system, and restrict access to specific files/programs. You can write tools that can connect to your service. The service program can be ran on the background, with sufficient privileges. How does it sound? [Bermard] Any ressource you could point me to as to write services? I'm totally unexperienced with that. I'm sorry, I was out of town in the weekend. You can try to write a multi-threaded application server that provides services through TCP/IP. Probably, the easiest to start with an existing framework: http://twistedmatrix.com/projects/core/ http://www.webwareforpython.org/ There are many other libraries, you can look for them in the cheeseshop. http://cheeseshop.python.org/pypi You can also develop your own protocol with SocketServer or xmlrpc: http://docs.python.org/lib/module-SocketServer.html http://docs.python.org/lib/module-xmlrpclib.html Best, Laszlo -- http://mail.python.org/mailman/listinfo/python-list
Re: Running Python scripts under a different user
Thanks Laszlo, I'll check it out. Bernard On 5/29/06, Laszlo Nagy [EMAIL PROTECTED] wrote: From what you wrote, I think that you need to change architecture. You should write your own service rather than write tricky programs. This way you can develop your own security system, and restrict access to specific files/programs. You can write tools that can connect to your service. The service program can be ran on the background, with sufficient privileges. How does it sound? [Bermard] Any ressource you could point me to as to write services? I'm totally unexperienced with that. I'm sorry, I was out of town in the weekend. You can try to write a multi-threaded application server that provides services through TCP/IP. Probably, the easiest to start with an existing framework: http://twistedmatrix.com/projects/core/ http://www.webwareforpython.org/ There are many other libraries, you can look for them in the cheeseshop. http://cheeseshop.python.org/pypi You can also develop your own protocol with SocketServer or xmlrpc: http://docs.python.org/lib/module-SocketServer.html http://docs.python.org/lib/module-xmlrpclib.html Best, Laszlo -- http://mail.python.org/mailman/listinfo/python-list
Re: Running Python scripts under a different user
Bernard Lebel a écrit : On 5/26/06, Laszlo Nagy [EMAIL PROTECTED] wrote: For Windows, you can use the 'runas.exe' program. But it requires a password too. From what you wrote, I think that you need to change architecture. You should write your own service rather than write tricky programs. This way you can develop your own security system, and restrict access to specific files/programs. You can write tools that can connect to your service. The service program can be ran on the background, with sufficient privileges. How does it sound? [Bermard] Any ressource you could point me to as to write services? I'm totally unexperienced with that. As you run under Unix, you may be interrested into the daemon.py script. See Unix Daemon in page http://homepage.hispeed.ch/py430/python/index.html And too: http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/278731 See also google links for python + daemon A+ Laurent. -- http://mail.python.org/mailman/listinfo/python-list
Running Python scripts under a different user
Hello, I would like to know if there is a way to run a Python file under a different user account than the one logged in. Allow me to explain. There are a bunch of people here, they are basic user, with limited permissions. Basically there are locations on the network where they can only read and execute files, but no way to write. Now, if these users want to write or modify files and directories, they would have to use my tools, which would control the permissions and allow the operations under parameters that I have defined. Currently I see two ways of accomplishing this: 1- the script changes the permissions of the locations the user is writing to, allowing the basic user to write to this location, and then restore the original permissions. What I don't like about this one, is that if the script stops, the locations may retain the writing permissions for the basic user. 2- the script itself runs under a account with writing privileges (the power user), and network location permissions are not changed. If the script crashes, well, nothing to worry about as far as I can see. I could find in the Python library a way to do #1 easily (the os module), but failed to find anything for #2. Thanks in advance Bernard -- http://mail.python.org/mailman/listinfo/python-list
Re: Running Python scripts under a different user
Bernard Lebel schrieb: Hello, I would like to know if there is a way to run a Python file under a different user account than the one logged in. Allow me to explain. There are a bunch of people here, they are basic user, with limited permissions. Basically there are locations on the network where they can only read and execute files, but no way to write. Now, if these users want to write or modify files and directories, they would have to use my tools, which would control the permissions and allow the operations under parameters that I have defined. Currently I see two ways of accomplishing this: 1- the script changes the permissions of the locations the user is writing to, allowing the basic user to write to this location, and then restore the original permissions. What I don't like about this one, is that if the script stops, the locations may retain the writing permissions for the basic user. 2- the script itself runs under a account with writing privileges (the power user), and network location permissions are not changed. If the script crashes, well, nothing to worry about as far as I can see. I could find in the Python library a way to do #1 easily (the os module), but failed to find anything for #2. You didn't find anything there for a few reasons - mainly because if there was anything that made a program decide for itself which rights it wanted to run with, the whole concept of restrictive access would be kind of useless... And as you refrain form telling us which OS you are running under one can only be very vague on what to suggest - UNIXish OSes have for example the setguid-bit, sudo springs to mind and under certain desktops there are ways to acquire root-settings (but you need a password then I guess) Windows I don't know so much - but there exist the possibility to make a program run under a different user-account. Diez -- http://mail.python.org/mailman/listinfo/python-list
Re: Running Python scripts under a different user
Hello Diez, Please see below. And as you refrain form telling us which OS you are running under one can only be very vague on what to suggest - UNIXish OSes have for example the setguid-bit, sudo springs to mind and under certain desktops there are ways to acquire root-settings (but you need a password then I guess) Windows I don't know so much - but there exist the possibility to make a program run under a different user-account. For Windows, you can use the 'runas.exe' program. But it requires a password too. From what you wrote, I think that you need to change architecture. You should write your own service rather than write tricky programs. This way you can develop your own security system, and restrict access to specific files/programs. You can write tools that can connect to your service. The service program can be ran on the background, with sufficient privileges. How does it sound? Best, Laszlo -- http://mail.python.org/mailman/listinfo/python-list
Re: Running Python scripts under a different user
On 5/26/06, Diez B. Roggisch [EMAIL PROTECTED] wrote: And as you refrain form telling us which OS you are running under [Bernard] The network file server is Red Hat Enterprise 4. The user workstation run through MS Windows XP Pro 32bit SP2, accessing the file server through Samba. one can only be very vague on what to suggest - UNIXish OSes have for example the setguid-bit, sudo springs to mind and under certain desktops there are ways to acquire root-settings (but you need a password then I guess) Windows I don't know so much - but there exist the possibility to make a program run under a different user-account. [Bernard] Thanks anway. Bernard -- http://mail.python.org/mailman/listinfo/python-list
Re: Running Python scripts under a different user
On 5/26/06, Laszlo Nagy [EMAIL PROTECTED] wrote: For Windows, you can use the 'runas.exe' program. But it requires a password too. From what you wrote, I think that you need to change architecture. You should write your own service rather than write tricky programs. This way you can develop your own security system, and restrict access to specific files/programs. You can write tools that can connect to your service. The service program can be ran on the background, with sufficient privileges. How does it sound? [Bermard] Any ressource you could point me to as to write services? I'm totally unexperienced with that. Thanks a bunch. Bernard -- http://mail.python.org/mailman/listinfo/python-list
