running a command as a super user from a python script

Question

So I m trying to get a process to be run as a super user from within a python script using subprocess   In the ipython shell something like  proc   subprocess Popen  sudo apach2ctl restart                           shell True  stdin subprocess PIPE                          stdout subprocess PIPE                          stderr subprocess PIPE    works fine  but as soon as I stick it into a script I start getting  sudo  apach2ctl  command not found   I would guess this is due to the way sudo handles environments on ubuntu   I ve also tried sudo -E apche2ctl restart and sudo env path  PATH apache2ctl restart with no avail   So my question is basically  if I want to run apache2ctl restart as super user that prompts the user for the super user password when required  how should I go about doing this   I have no intention of storing passwords in the script   Edit   I ve tried passing in the commands as both a string and tokenized into a list   In the python interpreter  with a string I ll get the password prompt properly  still doesnt work in a python script as in my original problem   a list just gives the help screen for sudo   Edit 2   So what I gather is that while Popen will work with some commands just as strings when shell True  it takes   proc   subprocess Popen   sudo    usr sbin apache2ctl   restart      without  shell True  to get sudo to work   Thanks

User · Answer

To run a command as root  and pass it the password at the command prompt  you could do it as so  import subprocess from getpass import getpass  ls    quot sudo -S ls -al quot  split   cmd   subprocess run      ls  stdout subprocess PIPE  input getpass  quot password   quot    encoding  quot ascii quot     print cmd stdout   For your example  probably something like this  import subprocess from getpass import getpass  restart apache    quot sudo  usr sbin apache2ctl restart quot  split   proc   subprocess run      restart apache      stdout subprocess PIPE      input getpass  quot password   quot        encoding  quot ascii quot

User · Answer

The safest way to do this is to prompt for the password beforehand and then pipe it into the command  Prompting for the password will avoid having the password saved anywhere in your code and it also won t show up in your bash history  Here s an example   from getpass import getpass from subprocess import Popen  PIPE  password   getpass  Please enter your password       sudo requires the flag  -S  in order to take input from stdin proc   Popen  sudo -S apach2ctl restart  split    stdin PIPE  stdout PIPE  stderr PIPE    Popen only accepts byte-arrays so you must encode the string proc communicate password encode

User · Answer

I tried all the solutions  but did not work  Wanted to run long running tasks with Celery but for these I needed to run sudo chown command with subprocess call     This is what worked for me   To add safe environment variables  in command line  type   export MY SUDO PASS  user password here    To test if it s working type   echo  MY SUDO PASS   gt  user password here   To run it at system startup add it to the end of this file   nano    bashrc         bashrc     existing content     elif   -f  etc bash completion    then        etc bash completion   fi fi      export MY SUDO PASS  user password here      You can add all your environment variables passwords  usernames  host  etc here later   If your variables are ready you can run   To update   echo  MY SUDO PASS   sudo -S apt-get update   Or to install Midnight Commander  echo  MY SUDO PASS   sudo -S apt-get install mc   To start Midnight Commander with sudo  echo  MY SUDO PASS   sudo -S mc   Or from python shell  or Django Celery   to change directory ownership recursively   python  gt  gt  import subprocess  gt  gt  subprocess call  echo  MY SUDO PASS   sudo -S chown -R username here  home username here folder to change ownership recursivley   shell True    Hope it helps

User · Answer

Try giving the full path to apache2ctl

User · Answer

Try   subprocess call   sudo    apach2ctl    restart     The subprocess needs to access the real stdin out err for it to be able to prompt you  and read in your password  If you set them up as pipes  you need to feed the password into that pipe yourself   If you don t define them  then it grabs sys stdout  etc

User · Answer

I used this for python 3 5  I did it using subprocess module Using the password like this is very insecure   The subprocess module takes command as a list of strings so either create a list beforehand using split   or pass the whole list later  Read the documentation for more information   What we are doing here is echoing the password and then using pipe we pass it on to the sudo through  -S  argument      usr bin env python import subprocess  sudo password    mysecretpass  command    apach2ctl restart  command   command split    cmd1   subprocess Popen   echo  sudo password   stdout subprocess PIPE  cmd2   subprocess Popen   sudo   -S     command  stdin cmd1 stdout  stdout subprocess PIPE   output   cmd2 stdout read   decode

User · Answer

Another way is to make your user a password-less sudo user   Type the following on command line   sudo visudo   Then add the following and replace the  lt username gt  with yours    lt username gt  ALL  ALL  NOPASSWD  ALL   This will allow the user to execute sudo command without having to ask for password  including application launched by the said user  This might be a security risk though

User · Answer

You have to use Popen like this   cmd     sudo    apache2ctl    restart   proc   subprocess Popen cmd  shell True  stdin subprocess PIPE  stdout subprocess PIPE  stderr subprocess PIPE    It expects a list

[python] running a command as a super user from a python script

Examples related to python

Examples related to subprocess

Examples related to sudo