A smaller version of my code looks like this:

```python
from codebase import head
a = head()
n = []
with sudo_user('userB'):
    from books import name
    n = name()
# <do some other things with a and n>
```

The actual problem is that the head module can be accessed by userA (the current user) but not by userB, and the name() module can be accessed by userB and not by userA. Both userA and userB have sudo permissions.

Is there any way to do something like `sudo_user`?

Vinu Natrajan
  • You could run a sudo command to read the file contents into memory and then: https://stackoverflow.com/questions/14191900/pythonimport-module-from-memory – VPfB Oct 04 '17 at 14:53
  • Actually, the name module is accessing the DB, and the DB won't have permissions for userA – Vinu Natrajan Oct 04 '17 at 14:58
  • @VinuNatrajan Have you considered forking off a subprocess and sending back a serialized `n`? – UltraInstinct Oct 04 '17 at 16:52
  • The problem is userA and userB are not root users, so setuid couldn't be used – Vinu Natrajan Oct 04 '17 at 17:02
  • `sudo` starts a new process as a different user; you can't use it to simply run part of a program in the context of a different user. This seems like an XY problem to me... What kind of db is this? Can't you just log in using the second user's credentials? – mata Oct 04 '17 at 17:25
  • @mata This is not an XY problem. I can have `from books import name;n = name();` in a separate Python script and get the values by forking a subprocess as userB. But I just wanted to know if we have a more Pythonic way of doing it. – Vinu Natrajan Oct 05 '17 at 07:49
  • It is an XY problem in the sense that you ask about importing a module as a different user when the actual problem seems to be accessing a database as a different user. I'm trying to understand why you need to change to a different user in the first place. Importing a module as userA shouldn't be the problem, except if it's not really a module but rather a script that does things as a side effect of importing it, for which you need to be userB. The question is: for what reasons does the process really need to run as userB? (e.g. access to files/sockets/...) – mata Oct 05 '17 at 10:00
  • The name module uses a service which can be accessed only by userB, and similarly there is another service which can be accessed only by userC, and so on. userA has sudo permissions to sudo as userB, userC, ... but not to access the service. But userB will not have sudo permission for userC (something like this). So I had to run as userA. – Vinu Natrajan Oct 05 '17 at 10:26

0 Answers
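The subprocess approach raised in the comments, written out as an added example that is not part of the original thread: the call runs in a separate interpreter started through `sudo -u`, and only the serialized result comes back to userA's process. `call_as` and `build_command` are hypothetical helper names; the sketch assumes a sudoers rule lets userA run the interpreter as userB without a password prompt, that the interpreter path is readable by userB, and that `books.name()` returns JSON-serializable data.

```python
import json
import subprocess
import sys

# Child program: import the module and call the function named in argv, then
# write the result as JSON. Names travel as argv and are never spliced into
# the code string. Anything the callee prints is diverted to stderr.
_CHILD = (
    "import importlib, json, sys\n"
    "mod, func, args = sys.argv[1], sys.argv[2], json.loads(sys.argv[3])\n"
    "out, sys.stdout = sys.stdout, sys.stderr\n"
    "result = getattr(importlib.import_module(mod), func)(*args)\n"
    "json.dump(result, out)\n"
)


def build_command(user, module, func, args=(), python=sys.executable):
    """Return the argv that runs module.func(*args) in a fresh interpreter.

    user=None skips sudo and runs as the current user (useful for testing).
    """
    child = [python, "-c", _CHILD, module, func, json.dumps(list(args))]
    if user is None:
        return child
    # -n: fail instead of prompting for a password; --: end of sudo options.
    return ["sudo", "-n", "-u", user, "--"] + child


def call_as(user, module, func, args=(), timeout=30, python=sys.executable):
    """Call module.func(*args) as `user` and return the JSON-decoded result."""
    cmd = build_command(user, module, func, args, python)
    proc = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
    if proc.returncode != 0:
        raise RuntimeError(f"{module}.{func} as {user!r} failed: {proc.stderr.strip()}")
    # JSON, not pickle: the output crosses an account boundary, and unpickling
    # it would let the other account run code inside this process.
    return json.loads(proc.stdout)


if __name__ == "__main__":
    # The question's case would be: n = call_as("userB", "books", "name")
    print(build_command("userB", "books", "name")[:5])
    print(call_as(None, "math", "factorial", [5]))  # no sudo: current user
```

Restricting the sudoers rule to this one interpreter invocation, rather than allowing userA to run anything as userB, keeps the delegation as narrow as the services require.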