Asking for temporary privilege elevation

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Asking for temporary privilege elevation

Shriramana Sharma
Hello. I'm writing a PyQt5 program that can do its basic function
without superuser permission, but for one function (modifying a system
configuration file under /usr/) it needs superuser permission.

I checked on StackOverflow but though there is talk about using
SUDO_ASKPASS and subprocess.run or such, I didn't find any clear
specific methods of asking for privilege elevation of the *current*
process so I can directly open and modifying such files using Python
file IO.

Please advise. Thank you!

--
Shriramana Sharma ஶ்ரீரமணஶர்மா श्रीरमणशर्मा 𑀰𑁆𑀭𑀻𑀭𑀫𑀡𑀰𑀭𑁆𑀫𑀸
_______________________________________________
PyQt mailing list    [hidden email]
https://www.riverbankcomputing.com/mailman/listinfo/pyqt
Reply | Threaded
Open this post in threaded view
|

Re: Asking for temporary privilege elevation

Barry Scott


> On 6 Jan 2018, at 12:11, Shriramana Sharma <[hidden email]> wrote:
>
> Hello. I'm writing a PyQt5 program that can do its basic function
> without superuser permission, but for one function (modifying a system
> configuration file under /usr/) it needs superuser permission.
>
> I checked on StackOverflow but though there is talk about using
> SUDO_ASKPASS and subprocess.run or such, I didn't find any clear
> specific methods of asking for privilege elevation of the *current*
> process so I can directly open and modifying such files using Python
> file IO.

This is not pyqt problem. But short answer is you cannot change current process privs.
Use subprocess to spawn a sudo command line. You need to set sudo askpass to allow the sudo password to be entered.

Barry


>
> Please advise. Thank you!
>
> --
> Shriramana Sharma ஶ்ரீரமணஶர்மா श्रीरमणशर्मा 𑀰𑁆𑀭𑀻𑀭𑀫𑀡𑀰𑀭𑁆𑀫𑀸
> _______________________________________________
> PyQt mailing list    [hidden email]
> https://www.riverbankcomputing.com/mailman/listinfo/pyqt

_______________________________________________
PyQt mailing list    [hidden email]
https://www.riverbankcomputing.com/mailman/listinfo/pyqt
Reply | Threaded
Open this post in threaded view
|

Re: Asking for temporary privilege elevation

Shriramana Sharma
On 1/6/18, Barry <[hidden email]> wrote:
>
> This is not pyqt problem.

Never said it was. Just wanted to know what approach PyQt users employ
for this problem.

> But short answer is you cannot change current
> process privs.

OK.

> Use subprocess to spawn a sudo command line. You need to set sudo askpass to
> allow the sudo password to be entered.

To avoid external dependency on an askpass program (and there only
seem to be "ssh-askpass" programs, none for generic sudo), I suppose I
can just get the password from an input dialog and then pass it to
`sudo -S`?

--
Shriramana Sharma ஶ்ரீரமணஶர்மா श्रीरमणशर्मा 𑀰𑁆𑀭𑀻𑀭𑀫𑀡𑀰𑀭𑁆𑀫𑀸
_______________________________________________
PyQt mailing list    [hidden email]
https://www.riverbankcomputing.com/mailman/listinfo/pyqt
Reply | Threaded
Open this post in threaded view
|

Re: Asking for temporary privilege elevation

Barry Scott


On 6 Jan 2018, at 15:33, Shriramana Sharma <[hidden email]> wrote:

On 1/6/18, Barry <[hidden email]> wrote:

This is not pyqt problem.

Never said it was. Just wanted to know what approach PyQt users employ
for this problem.

But short answer is you cannot change current
process privs.

OK.

Use subprocess to spawn a sudo command line. You need to set sudo askpass to
allow the sudo password to be entered.

To avoid external dependency on an askpass program (and there only
seem to be "ssh-askpass" programs, none for generic sudo), I suppose I
can just get the password from an input dialog and then pass it to
`sudo -S`?


Have a look at the scm workbench code that solves a related problem with git.
Look at the small program that used the askpass interface to call back into the gui to get the username and password that is needed.


Barry

--
Shriramana Sharma ஶ்ரீரமணஶர்மா श्रीरमणशर्मा 𑀰𑁆𑀭𑀻𑀭𑀫𑀡𑀰𑀭𑁆𑀫𑀸


_______________________________________________
PyQt mailing list    [hidden email]
https://www.riverbankcomputing.com/mailman/listinfo/pyqt
Reply | Threaded
Open this post in threaded view
|

Re: Asking for temporary privilege elevation

Shriramana Sharma
Ok will do that but is using external ask pass more secure than just a QInputBox with password echo mode?

_______________________________________________
PyQt mailing list    [hidden email]
https://www.riverbankcomputing.com/mailman/listinfo/pyqt
Reply | Threaded
Open this post in threaded view
|

Re: Asking for temporary privilege elevation

Barry Scott


> On 7 Jan 2018, at 00:12, Shriramana Sharma <[hidden email]> wrote:
>
> Ok will do that but is using external ask pass more secure than just a QInputBox with password echo mode?

Its a trade off between always asking the password if you use Qinputbox or only asking for it if sudo requires a password.

Barry

_______________________________________________
PyQt mailing list    [hidden email]
https://www.riverbankcomputing.com/mailman/listinfo/pyqt