Hi everyone,
I have a Python program (A) that runs under a regular user account. (good)
When some events occur in (A) I need to modify my nftables and only root
is allowed to do so.
I’ve come up with 3 ways to do that (if you know others, please share) but I don’t know which would be the best.
- Make a `sudo` call from (A) with `from subprocess import run`, but I will need to store the password! And I don’t think it is possible to keep it encrypted and decrypt it when needed (it’s a flaw).
- Make (A) write a file with the requests. Create a (B) daemon (that runs as root) that checks that file every X and does the necessary.
- Make (A) do an IPC (Linux socket) to a (B) daemon (that runs as root) that does the necessary.
I suppose that solution 2 is less heavy than 3? But if I’m not mistaken it will also react slower?
Thanks.
🐧
2. Is the usual solution, but instead of a file use a unix socket and user/group permissions as auth - the running user has to be part of some group so that the control client (A) can access the control socket of the (B) daemon.
Alternatively you could use capabilities:
Thank you very much @taaz
So you say 2 but with `unix socket`, so it is the same as my proposal number 3? No?
I’ll check `capabilities`.
Yeah kinda, unix socket does count as ipc
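The Unix-socket approach suggested in the replies, sketched as an added example (not code from anyone in this thread): the root daemon (B) creates a socket that only root and one group can connect to, and maps each request onto a fixed `nft` argv. The socket path, the group name `nftctl`, the `inet filter blocklist` set and the `block`/`unblock` request format are all assumptions.

```python
import grp, ipaddress, os, socket, struct, subprocess

SOCK_PATH = "/run/nftctl.sock"             # assumed socket path
GROUP = "nftctl"                           # assumed group that (A)'s user is in
NFT_SET = ["inet", "filter", "blocklist"]  # assumed family, table and set names
VERBS = {"block": "add", "unblock": "delete"}

def build_argv(request: bytes) -> list[str]:
    """Turn b'block 192.0.2.10' into a fixed nft argv, or raise ValueError."""
    verb, _, arg = request.decode("ascii", "strict").strip().partition(" ")
    if verb not in VERBS:
        raise ValueError("unknown verb")
    addr = ipaddress.IPv4Address(arg)      # rejects anything but a dotted quad
    return ["nft", VERBS[verb], "element", *NFT_SET, "{", str(addr), "}"]

def peer_ids(conn: socket.socket) -> tuple[int, int, int]:  # kernel-reported (pid, uid, gid)
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    return struct.unpack("3i", raw)

def handle(conn: socket.socket, run=subprocess.run) -> bytes:
    """Read one request, apply it, and return the reply that was sent."""
    conn.settimeout(2)                     # a stalled client must not hang (B)
    pid, uid, _gid = peer_ids(conn)
    try:
        argv = build_argv(conn.recv(64))
        run(argv, check=True, timeout=5)   # argv list, never a shell string
        reply = b"ok\n"
    except (ValueError, subprocess.SubprocessError, OSError):
        reply = b"error\n"
    print(f"uid={uid} pid={pid} -> {reply!r}")  # audit trail of who asked
    conn.sendall(reply)
    return reply

def serve() -> None:                       # run as root, e.g. from a service unit
    if os.path.exists(SOCK_PATH):
        os.unlink(SOCK_PATH)
    os.umask(0o177)                        # socket file starts out 0600
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(SOCK_PATH)
    os.chown(SOCK_PATH, 0, grp.getgrnam(GROUP).gr_gid)
    os.chmod(SOCK_PATH, 0o660)             # only root and GROUP may connect
    srv.listen(8)
    while True:
        conn, _ = srv.accept()
        with conn:
            handle(conn)

if __name__ == "__main__":
    serve()
```

Program (A) then only needs to connect to the socket and send one line such as `block 192.0.2.10`; it never holds a password or runs `nft` itself.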