
I'm trying to keep passwords that are usually written in a py file separated from the script and make it so that those passwords are only accessible by root and python whenever a script needs it. I got the idea reading this: https://stackoverflow.com/a/158248/3892678

To do this, I'm trying to hide passwords to be used in a_script in another passwords py file. passwords can only be read, written, and executed (-rwxrwx---) by root:root. As another user tomato, I want to run a_script, which imports the password from passwords to be used in the file. To make it so that this user can run the file as root, I've elevated the file's setuid and setgid with chmod 6777 a_script.py so that the file has -rwsrwsrwx permissions. Now, as user tomato, I run python a_script.py, but I get back ImportError: No module named passwords. I thought that setting the uid and groupid as s would run the file as root, which should have permissions to read passwords. What am I doing wrong?

Here's a_script.py

import os
# Real and effective user/group IDs of the running interpreter
print "uid: %s" % os.getuid()
print "euid: %s" % os.geteuid()
print "gid: %s" % os.getgid()
print "egid: %s" % os.getegid()
from passwords import MYPASS

print MYPASS

All the print statements before I get the ImportError are 1001 which is tomato. Thanks for your help. Might there be a better way to "hide" passwords in another file so that only root and programs that need it are the only ones that have access to it?

pyramidface
  • The setuid flag sets the euid to the user owning the executable. Are you trying this just for fun, or do you want to get something that's actually secure? – Sven Marnach Dec 10 '15 at 20:48
  • @SvenMarnach Can you expand on that a little? This is something that should be actually secure. I'm not sure if this is the best way to do it. – pyramidface Dec 10 '15 at 20:49
  • So if this is supposed to be actually secure, what should it be secure against? Are there local users on the Linux machine who are not supposed to be able to see the passwords? – Sven Marnach Dec 10 '15 at 21:53
  • @SvenMarnach Yes, that's right. Only root and python should have access to the `passwords` file. – pyramidface Dec 10 '15 at 22:03
  • Well, ok, this isn't going to work the way you intend to do it. Setting the setuid bit on the _script_ (instead of on the binary) doesn't have any effect on Linux, and setting it on the binary doesn't give you the security you are looking for. What are the passwords used for? – Sven Marnach Dec 10 '15 at 22:24
  • @SvenMarnach so you mean python itself has to have the setuid? The passwords should be for a variety of things like API keys, or database credentials. – pyramidface Dec 10 '15 at 22:32
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/97570/discussion-between-sven-marnach-and-pyramidface). – Sven Marnach Dec 10 '15 at 23:59
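The discussion above ends with the observation that the Linux kernel ignores the setuid bit on an interpreted script, so the question's chmod 6777 approach cannot make python read a root-only file. An added example, not from the question or any answer, of the defensive pattern that does follow from the thread: the program that legitimately runs as the secret's owner keeps the secret in a separate plain-text file and refuses to read it unless the file is a regular file, owned by the current effective user, and grants no access to group or others. The file names, the helper names and the secret value are constructed for the demo; the question's passwords.py module is not used.

```python
"""Added example: load a secret only from a file whose ownership and mode are strict enough.

Assumes the secret lives in a plain-text file containing only the value (constructed
below); helper names are choices for this demo, not part of the original question.
"""
import os
import stat
import tempfile

# Any permission bit for group or others makes the file unacceptable as a secrets file.
_FORBIDDEN_BITS = stat.S_IRWXG | stat.S_IRWXO


def check_secret_file(path, allowed_owner_uid=None):
    """Return (ok, reason). ok is True only if path is a regular file, is owned by
    allowed_owner_uid (default: the current effective uid), and has no group/other bits."""
    if allowed_owner_uid is None:
        allowed_owner_uid = os.geteuid()
    st = os.lstat(path)  # lstat: a symlink planted at the path is rejected, not followed
    if not stat.S_ISREG(st.st_mode):
        return False, "not a regular file"
    if st.st_uid != allowed_owner_uid:
        return False, "owned by uid %d, expected %d" % (st.st_uid, allowed_owner_uid)
    if st.st_mode & _FORBIDDEN_BITS:
        return False, "mode %o grants access to group/others" % stat.S_IMODE(st.st_mode)
    return True, "ok"


def load_secret(path):
    """Read and return the secret, or raise PermissionError if the file is too permissive."""
    ok, reason = check_secret_file(path)
    if not ok:
        raise PermissionError("refusing to read %s: %s" % (path, reason))
    with open(path, "r") as fh:
        return fh.read().strip()


def demo():
    """Constructed demo: a mode-0600 file is accepted, a mode-0644 copy is refused."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "good.secret")
        bad = os.path.join(d, "bad.secret")
        for p in (good, bad):
            with open(p, "w") as fh:
                fh.write("constructed-secret-value\n")  # constructed sample secret
        os.chmod(good, 0o600)
        os.chmod(bad, 0o644)
        results["good"] = load_secret(good)
        try:
            load_secret(bad)
            results["bad"] = "accepted"
        except PermissionError:
            results["bad"] = "refused"
    return results


if __name__ == "__main__":
    print(demo())
```

In the question's setting the loader would run inside the process that actually owns the secret (a root-owned service or cron job, or a user dedicated to that task), and the file would be chown'ed to that owner and chmod'ed 0600; the check makes a mis-set mode a hard failure instead of a silent leak to every local user.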

1 Answer


How about

import os
os.popen("echo ROOT_PASSWORD | sudo -s -p '' cat /path/to/secure/file.txt").read()

(note it's probably better to use the subprocess module ... but it requires more typing)

Joran Beasley
  • Didn't really work. It got hung up trying to run that command as my tomato user, but with my other user that's listed in sudoers it worked okay. Not quite what I want though, but thanks. – pyramidface Dec 11 '15 at 00:28