Hi everyone,
I have a Python program (A) that runs under a regular user account. (good)
When some events occur in (A), I need to modify my nftables, and only root
is allowed to do so.
I've come up with 3 ways to do that (if you know others, please share), but I don't know which would be the best.
- Make a `sudo` call from (A) with `from subprocess import run`, but I will need to store the password! And I don't think it is possible to keep it encrypted and decrypt it when needed (it's a flaw).
- Make (A) write a file with the requests. Create a (B) daemon (that runs as root) that checks that file every X and does the necessary.
- Make (A) do an IPC (Linux socket) to a (B) daemon (that runs as root) that does the necessary.
I suppose that solution 2 is less heavy than 3? But if I'm not mistaken, it will also react more slowly?
Thanks.
🐧
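Added example, not part of the original thread: a sketch of the root daemon (B) side of option 3, showing how it can check who is connecting on the Unix socket and accept only a fixed set of requests before building an nft command. The request format (`block <ip>` / `unblock <ip>`), the table and set names, and all function names are assumptions made for illustration.

```python
import ipaddress
import os
import socket
import struct

# Assumption: in a real daemon this holds the uid of the account running (A);
# the current uid is used here so the demo runs without root.
ALLOWED_UIDS = {os.getuid()}
ACTIONS = {"block": "add", "unblock": "delete"}   # the only verbs (B) accepts
NFT_SET = ("inet", "filter", "blocklist")         # hypothetical table and set names


def peer_uid(conn):
    """Return the uid of the process at the other end (Linux SO_PEERCRED)."""
    size = struct.calcsize("3i")
    creds = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, size)
    _pid, uid, _gid = struct.unpack("3i", creds)
    return uid


def build_nft_argv(line):
    """Turn 'block 192.0.2.7' into an nft argv list, or raise ValueError."""
    parts = line.strip().split()
    if len(parts) != 2 or parts[0] not in ACTIONS:
        raise ValueError("unknown request")
    addr = ipaddress.IPv4Address(parts[1])   # rejects anything but one IPv4 address
    return ["nft", ACTIONS[parts[0]], "element", *NFT_SET, "{", str(addr), "}"]


def handle(conn):
    """Serve one request on an accepted connection; return the argv or None."""
    if peer_uid(conn) not in ALLOWED_UIDS:
        conn.sendall(b"denied\n")
        return None
    try:
        argv = build_nft_argv(conn.recv(256).decode("ascii", "replace"))
    except ValueError:
        conn.sendall(b"denied\n")
        return None
    # A real daemon would now call subprocess.run(argv, check=True): list form, no shell.
    conn.sendall(b"ok\n")
    return argv


def demo():
    """Constructed exchange over a socketpair, so it needs neither root nor nft."""
    a_side, b_side = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with a_side, b_side:
        a_side.sendall(b"block 192.0.2.7\n")
        argv = handle(b_side)
        return argv, a_side.recv(16)
```

In a deployed daemon the listening socket's file permissions give a second check on top of `SO_PEERCRED`, and because (B) blocks in `accept()` rather than polling a file, it reacts as soon as (A) connects.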
It’s a good way of solving it. It’s not scriptable though as it requires user-input.
Indeed, I need it to be scriptable.
Then implement polkit perhaps? https://polkit.pages.freedesktop.org/polkit/polkit-apps.html
Basically, the root-using bit is handled via polkit. The unprivileged bit calls the privileged bit via polkit.