1

RELATED: Python multiprocessing: Permission denied

I want to use Python's multiprocessing.Pool

import multiprocessing as mp
pool =  mp.Pool(3)
for i in range(num_to_run):
    pool.apply_async(popen_wrapper, args=(i,), callback=log_result)

I get OSError

  File "/usr/local/lib/python2.6/multiprocessing/__init__.py", line 178, in RLock
    return RLock()
  File "/usr/local/lib/python2.6/multiprocessing/synchronize.py", line 142, in __init__
    SemLock.__init__(self, RECURSIVE_MUTEX, 1, 1)
  File "/usr/local/lib/python2.6/multiprocessing/synchronize.py", line 49, in __init__
    sl = self._semlock = _multiprocessing.SemLock(kind, value, maxvalue)
OSError: [Errno 13] Permission denied

I read in the related question that it's due to not having r/w to /dev/shm

Besides changing the permission in /dev/shm, is there a way to run as root in the code?

I initially thought you could do something like os.umask() but it didnt work

EDIT (rephrasing the question):

  • let's say a username A has r/w access to directory A
  • You are user B and your program needs access to directory A. how do you run a program as user A?
Community
  • 1
  • 1
ealeon
  • 12,074
  • 24
  • 92
  • 173
  • 3
    You should not try to make your code run as root. The solution is to use root access to permanently fix your system as per the question you linked. – John Zwinck Dec 15 '15 at 04:42
  • @JohnZwinck can you answer the edited part of the question? Im just thinking about a case not related to root – ealeon Dec 15 '15 at 04:47
  • 1
    related(?): [Dropping Root Permissions In Python](http://stackoverflow.com/questions/2699907/dropping-root-permissions-in-python) – Jeremy Dec 15 '15 at 04:47
  • @ealeon: It doesn't matter what the users involved are. Just fix the permissions on `/dev/shm` so it works. There's no downside I'm seeing here. – John Zwinck Dec 15 '15 at 04:49
  • @JohnZwinck the question is .. is there other ways besides fixing the permission. your answer is no, correct? or is there another way...? – ealeon Dec 15 '15 at 04:51
  • There are complicated ways. You can read about "setuid" and "dropping permissions" as @JeremyBanks linked above. But you don't need that. – John Zwinck Dec 15 '15 at 04:53
  • @JohnZwinck i will determine whether i need that or not. I just wanted to know what are other options which is the point of the question. – ealeon Dec 15 '15 at 04:53
  • run as root: `sudo python scriptname` you can use `su` to switch to another user – Josep Valls Dec 15 '15 at 04:56
  • If the script is just something you yourself will be using, you could hard code in the password for the root user, and run the su command. Otherwise you would have to run the entire script as a root user, or try doing something complicated like John Zwinck suggested. – hostingutilities.com Dec 15 '15 at 04:58
  • @JosepValls the program can be run by many users and dont have access to sudo. I dont want to change the permission on /dev/shm because i only want users to have access to /dev/shm when they run this particular program – ealeon Dec 15 '15 at 04:58
  • http://www.faqs.org/faqs/unix-faq/faq/part4/section-7.html – thebjorn Dec 15 '15 at 05:45

1 Answers1

3

In order from the least dangerous to the most dangerous.

  1. You can try dropping permissions as John Zwinck suggested. Basically you would start the program with root level permissions, immediately do what you need to do, and then switch to a non-root user.

    From this StackOverflow.

    import os, pwd, grp

def drop_privileges(uid_name='nobody', gid_name='nogroup'):
if os.getuid() != 0:
# We're not root so, like, whatever dude
return

# Get the uid/gid from the name
running_uid = pwd.getpwnam(uid_name).pw_uid
running_gid = grp.getgrnam(gid_name).gr_gid

# Remove group privileges
os.setgroups([])

# Try setting the new uid/gid
os.setgid(running_gid)
os.setuid(running_uid)

# Ensure a very conservative umask
old_umask = os.umask(077)

  2. You could also require the credentials for the root user to be inputed into the script, and then only use them when they are required.

    subprocess.call("sudo python RunStuffWithElevatedPrivelages.py")
#From here, the main script will continue to run without root permissions

    Or if you don't want the script to prompt the user for the password you can do

    subprocess.call("echo getRootCredentials() | sudo -S python RunStuffWithElevatedPrivelages.py")

  3. Or you could just run the entire program as a root user -- sudo python myScript.py.

As far as temporarily giving users root permission to /dev/shm only when they run your script, the only thing I could think of was having some script that runs in the background under the root user that can temporarily grant anyone who uses your script root privileges to /dev/shm. This could be done through using setuid to grant such permissions and then after a certain amount of time or if the script ends the privilege is taken away. My only concern would be if there is a way a user who has temporarily been given such permissions might be able to secure more permanent privileges.

Community
  • 1
  • 1
hostingutilities.com
  • 8,894
  • 3
  • 41
  • 51