Linux 在python中更改用户
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/8025294/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Changing user in python
提问by sethu
I am writing a simple script which restarts a hadoop slave. In the script, I have to do some initial changes as a root user. After that I have to change to user "hadoop" and perform set of commands. I was using os.system to run commands but I doubt whether it works well. For example:
我正在编写一个简单的脚本来重新启动一个 hadoop slave。在脚本中,我必须以 root 用户身份进行一些初始更改。之后,我必须更改为用户“hadoop”并执行一组命令。我正在使用 os.system 来运行命令,但我怀疑它是否运行良好。例如:
uid=pwd.getpwnam('hadoop')[2]
os.setuid(uid)
os.system('whoami')
os.chdir('/home/hadoop/hadoop/')
os.system('bin/hadoop-daemon.sh stop tasktracker')
Again I have to perform some commands as root after this and again become user "hadoop" and execute :
在此之后,我必须再次以 root 身份执行一些命令,然后再次成为用户“hadoop”并执行:
os.system('bin/hadoop-daemon.sh stop tasktracker')
I have three questions here ,
我在这里有三个问题,
Is os.system is the best command that I can use to issue linux commands ?
I am able to change from root user to user hadoop by the commands above but I am not able to change to root user (I can understand there will be security issues if they permit this, I want to know is there any possibility to do that , atleast by passing password) ?
Does os.setuid() work ? whoami prints user hadoop but the process "tasktracker" is not stopped using those command, but if i perform the same commands manually it works fine (I use "su hadoop" instead of setuid while trying it out manually).
os.system 是我可以用来发出 linux 命令的最佳命令吗?
我可以通过上面的命令从 root 用户更改为 hadoop 用户,但我无法更改为 root 用户(我可以理解如果他们允许这样做会出现安全问题,我想知道是否有可能这样做,至少通过传递密码)?
os.setuid() 工作吗?whoami 打印用户 hadoop 但进程“tasktracker”没有停止使用这些命令,但如果我手动执行相同的命令它工作正常(我在手动尝试时使用“su hadoop”而不是 setuid)。
Thanks for all your help.
感谢你的帮助。
- Sethu
- 塞图
采纳答案by Mike
you could use:
你可以使用:
os.system('sudo -u hadoop bin/hadoop-daemon.sh stop tasktracker')
or if you dont have sudo, but have su
或者如果你没有 sudo,但有 su
os.system('su hadoop -c "bin/hadoop-daemon.sh stop tasktracker"')
回答by Raymond Hettinger
I haven't done this myself but I see several osfunctions that may apply. They start here: http://docs.python.org/library/os.html#os.setegid
我自己没有这样做,但我看到几个可能适用的os函数。他们从这里开始:http: //docs.python.org/library/os.html#os.setegid
Also, there was a thread on the tutor list that addressed the topic: http://mail.python.org/pipermail/tutor/2002-December/018981.html
此外,导师名单上有一个主题讨论该主题:http: //mail.python.org/pipermail/tutor/2002-December/018981.html
The os.systemapproach is limited because it only returns an error code. The subprocess.Popentoolset is more flexible.
在使用os.system的方法是有限的,因为它只返回错误代码。该subprocess.Popen工具集更加灵活。
回答by Ivan Blinkov
This kind of scripts can be implemented much cleaner with use of fabric library: http://docs.fabfile.org/en/1.3.1/index.htmlAdditionally it provides nice command-line interface and capabilities of remote servers management via ssh. All the python is available so you can connect to databases for example or import whatever you need.
使用结构库可以更清晰地实现这种脚本:http: //docs.fabfile.org/en/1.3.1/index.html此外,它还提供了不错的命令行界面和通过 ssh 管理远程服务器的功能. 所有的python 都可用,因此您可以连接到例如数据库或导入您需要的任何内容。
Exactly the question about running commands as some other user can be implemented with sudo command with user arg: http://docs.fabfile.org/en/1.3.1/api/core/operations.html#fabric.operations.sudo
关于以其他用户身份运行命令的确切问题可以使用用户 arg 的 sudo 命令来实现:http: //docs.fabfile.org/en/1.3.1/api/core/operations.html#fabric.operations.sudo
回答by MarkR
It is a much better idea to use "su" than to switch the user ID using os.setuid().
使用“su”比使用 os.setuid() 切换用户 ID 好得多。
Why?
为什么?
- "su" will set up the login credentials correctly, including the group ID, and supplemental groups
- "su" will also do other useful things, such as setting environment variables (particularly if you use su - ). Maybe it will also set ulimit limits according to limits.conf.
- “su”将正确设置登录凭据,包括组 ID 和补充组
- "su" 还会做其他有用的事情,比如设置环境变量(特别是如果你使用 su - )。也许它也会根据limits.conf设置ulimit限制。
