Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I have a light meter which has Python3 libraries which seem to require root access. I don't want the whole script to run as root, just the part which reads the light intensity. I wonder what are the established best practices for dealing with that.
Running a script on-demand just to read the meter is very sluggish and introduces a variable but massive amount of latency into the workflow. So I am guessing something needs to be left running. How should other scripts and programs then poll the script which monitors the meter? Sockets? FIFO pipe? Others?
Use Apache as an example. One process listening on ports 80 and 443, which must run with root privileges. HTTP requests that it receives are sent to the worker processes, which also run all the time in the background, but under the apache identity.
How the root process communicates with the apache processes is probably not a security question (I don't know, off-hand, how Apache does it). I'd implement whatever communication method is most convenient for your use case and for whatever Python has to offer. A socket-based solution may have the advantage that you could easily port the program to client and server running on several computers.
Are there any more recent concise theoretical overviews than Dr Provos' Privilege Separated OpenSSH from 2003? The information there is still valid but I would like to see additional thoughts on the task.
I have no idea what this is, but giving the user permission to the given device will probably solve this issue. Would be nice to know why it needs root access.
On the other hand, you may try to construct a daemon process which will read that device (as root), and you can use a socket (or an API) to communicate with that daemon.
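Added example, not part of any post in this thread: a sketch of the daemon-plus-socket split suggested above, where the root side reads the meter and answers over a Unix domain socket, checking each caller's UID with Linux `SO_PEERCRED`. The names `read_lux`, `meter.sock`, the `OK <lux>` reply format and the reading value are assumptions made for illustration; `demo` runs both sides in one process so it works without root.

```python
import os, socket, struct, tempfile, threading

def read_lux():
    # Stand-in for the vendor library call that needs root (constructed value).
    return 123.4

def peer_uid(conn):
    # Linux SO_PEERCRED: the kernel fills struct ucred {pid, uid, gid} for the peer.
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    return struct.unpack("3i", raw)[1]

def make_listener(path, mode=0o660):
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old = os.umask(0o177)          # socket is born 0600, no world-writable window
    try:
        srv.bind(path)
    finally:
        os.umask(old)
    os.chmod(path, mode)           # a real daemon would also chown it to a "meter" group
    srv.listen(8)
    return srv

def serve_once(srv, allowed_uids):
    # The privileged side only writes; it never parses bytes from the client.
    conn, _ = srv.accept()
    with conn:
        if peer_uid(conn) not in allowed_uids:
            conn.sendall(b"ERR denied\n")
        else:
            conn.sendall(b"OK %.1f\n" % read_lux())

def query(path):
    # What an unprivileged script does to poll the daemon.
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(path)
        return c.makefile().readline().strip()

def demo(allow_self):
    # Runs daemon and client in one process, on a throwaway socket path.
    allowed = {os.getuid()} if allow_self else set()
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "meter.sock")
        srv = make_listener(path)
        t = threading.Thread(target=serve_once, args=(srv, allowed))
        t.start()
        reply = query(path)
        t.join()
        srv.close()
        return reply, os.stat(path).st_mode & 0o777

if __name__ == "__main__":
    print(demo(True), demo(False))
```

In a real deployment the daemon would loop on `accept()` and cache the latest reading, so clients never wait on the hardware.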
Would be nice to know why it needs root access.
No idea but the early iterations of these things are often written by hardware bros resentful of coding and they are infamous for disliking layered security or updates. This year I have read enough that I can understand how they ended up with that world view but at the same time hardware is not hardware any more. But I digress.