Hi everyone,
I have a Python program (A) that run under a regular user account. (good)
When some events occur in (A) I need to modify my nftables and only the root is allowed to do so.
I’ve come up with 3 ways to do that (if you know other please share) but I don’t which would be the best.
- Make a
sudocall from (A) withfrom subprocess import runbut I will need to store the password ! and I don’t think is possible to keep it encrypted and decrypted when need it (it’s a flaw)
. - Make (A) writing a file with the requests. Create a (B) daemon (that run as root) that check that file every X and do the necessary
. - Make (A) do an IPC ( Linux socket ) to (B) daemon (that run as root) and does the necessary.
I suppose that the solution 2 is less heavy that the 3 ? But if I’m not mistaken it will react also slower ?
Thanks.
🐧
Alternatively you could use capabilities:
https://stackoverflow.com/a/414258
https://man7.org/linux/man-pages/man7/capabilities.7.html
Thank you very much @taaz
So you say 2 but with
unix socketso it the same as my proposal number 3 ? no ?I’ll check
capabilitiesYeah kinda, unix socket does count as ipc