ragulin
Posts: 60
Joined: Tue Dec 22, 2015 6:52 pm

SUDO Python

Fri Jun 10, 2016 9:49 pm

Hi, what should I do to void need of using SUDO to run python script?

User avatar
DougieLawson
Posts: 35823
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: SUDO Python

Fri Jun 10, 2016 9:59 pm

Why do you think your script needs sudo?
Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

asandford
Posts: 1997
Joined: Mon Dec 31, 2012 12:54 pm
Location: Waterlooville

Re: SUDO Python

Fri Jun 10, 2016 10:11 pm

ragulin wrote:Hi, what should I do to void need of using SUDO to run python script?
Ascertain what rights are needed and add yourself to the appropriate group.

asandford
Posts: 1997
Joined: Mon Dec 31, 2012 12:54 pm
Location: Waterlooville

Re: SUDO Python

Fri Jun 10, 2016 10:12 pm

asandford wrote:
ragulin wrote:Hi, what should I do to void need of using SUDO to run python script?
Ascertain what rights are needed and add yourself to the appropriate group.
EDIT. The root group is never appropriate.

ragulin
Posts: 60
Joined: Tue Dec 22, 2015 6:52 pm

Re: SUDO Python

Fri Jun 10, 2016 10:34 pm

asandford wrote:
asandford wrote:
ragulin wrote:Hi, what should I do to void need of using SUDO to run python script?
Ascertain what rights are needed and add yourself to the appropriate group.
EDIT. The root group is never appropriate.

Why? How? Im linux noob...I dont know what group do you even speak bout...I just have to use sudo when I run the script, and my profesor told me that it is insecure and asked me what I need to change, if I dont wanna use the sudo order

SonOfAMotherlessGoat
Posts: 690
Joined: Tue Jun 16, 2015 6:01 am

Re: SUDO Python

Fri Jun 10, 2016 10:37 pm

If this is a school assignment, then you probably aren't going to get too much help around here. But there's a really popular website that you could go to to ask "Why is sudo bad" and get back tons of great research material that will help you in your understanding of root accounts and elevate privileges and what exactly you are doing as root. Your future employer (if this is your field) will thank you for not destroying their infrastructure.
Account Inactive

ragulin
Posts: 60
Joined: Tue Dec 22, 2015 6:52 pm

Re: SUDO Python

Fri Jun 10, 2016 10:48 pm

SonOfAMotherlessGoat wrote:If this is a school assignment, then you probably aren't going to get too much help around here. But there's a really popular website that you could go to to ask "Why is sudo bad" and get back tons of great research material that will help you in your understanding of root accounts and elevate privileges and what exactly you are doing as root. Your future employer (if this is your field) will thank you for not destroying their infrastructure.
To be exact, this is question from oponent in my graduation work at college at monday, and Id really like to know how to get rid of the need of sudo. I know that I can change it somehow in script, or change rights, but I have no idea how to do it.

Can I even use GPIO pins without being root ? (sudo) ...how?

asandford
Posts: 1997
Joined: Mon Dec 31, 2012 12:54 pm
Location: Waterlooville

Re: SUDO Python

Fri Jun 10, 2016 11:29 pm

ragulin wrote: To be exact, this is question from oponent in my graduation work at college at monday, and Id really like to know how to get rid of the need of sudo. I know that I can change it somehow in script, or change rights, but I have no idea how to do it.

Can I even use GPIO pins without being root ? (sudo) ...how?
You need to understand why you can't do something first. As everything in *nix is a file, that means you may not have permission to read, write or both to the files that control GPIO.

I think there is now GPIOZero allows access without root.

User avatar
Douglas6
Posts: 4740
Joined: Sat Mar 16, 2013 5:34 am
Location: Chicago, IL

Re: SUDO Python

Fri Jun 10, 2016 11:48 pm

Of course, it may not be GPIO that's preventing access. May not even be file permissions. Could be a lack of Linux capabilities to access hardware ports, or D-Bus policies restricting D-Bus access, no telling at this point.

[EDIT: Oops, the OP did mention GPIO. Sorry, nevermind.]
Last edited by Douglas6 on Sat Jun 11, 2016 12:03 am, edited 1 time in total.

ragulin
Posts: 60
Joined: Tue Dec 22, 2015 6:52 pm

Re: SUDO Python

Fri Jun 10, 2016 11:53 pm

asandford wrote:
ragulin wrote: To be exact, this is question from oponent in my graduation work at college at monday, and Id really like to know how to get rid of the need of sudo. I know that I can change it somehow in script, or change rights, but I have no idea how to do it.

Can I even use GPIO pins without being root ? (sudo) ...how?
You need to understand why you can't do something first. As everything in *nix is a file, that means you may not have permission to read, write or both to the files that control GPIO.

I think there is now GPIOZero allows access without root.
Ok, so because I dont have right to write in files that use GPIO, I have to use sudo. When I dont wanna use sudo, I should for example write some program which drives GPIO pins, which would be my own, and via this use the GPIO without SUDO permisions?
The sudo is wrong, because it is unsecure. When I use sudo, and somebody would steal the password, he would get acess to all stuff in my device, if I understand it right from what I read via internet?
If Id like to use the python script, which uses GPIO pins without sudo, I should use the GPIO zero?

Thanks, its really 11:59 question for me as long as I have to present the work at monday. You are really pulling needle out of my heel here

asandford
Posts: 1997
Joined: Mon Dec 31, 2012 12:54 pm
Location: Waterlooville

Re: SUDO Python

Sat Jun 11, 2016 12:32 am

ragulin wrote:
Ok, so because I dont have right to write in files that use GPIO, I have to use sudo. When I dont wanna use sudo, I should for example write some program which drives GPIO pins, which would be my own, and via this use the GPIO without SUDO permisions?
The sudo is wrong, because it is unsecure. When I use sudo, and somebody would steal the password, he would get acess to all stuff in my device, if I understand it right from what I read via internet?
If Id like to use the python script, which uses GPIO pins without sudo, I should use the GPIO zero?

Thanks, its really 11:59 question for me as long as I have to present the work at monday. You are really pulling needle out of my heel here
sudo is neither wrong or unsecure, but is often used when not required or used to override something you really shouldn't be doing. You must understand why you (as the pi user) aren't permitted to do things.

swampdog
Posts: 230
Joined: Fri Dec 04, 2015 11:22 am

Re: SUDO Python

Sat Jun 11, 2016 2:24 am

'sudo' allows you to run something as if you were somebody else. Typically it is used to run something as the 'root' user. The root user can do anything, good or bad, without question.

If you erroneously run something as root then realise your mistake, you may find your program does not work - even if it would have done had you not run it as root in the first place.

Please note it is common is the unix world to denote the root user as '#' and some other user as '$' so when I say..

# touch /tmp/z

..I mean you need to be root when you run it. If I say..

$ touch /tmp/z

..then you are some non-root user.

Try this..

$ sudo su -
# touch /tmp/z
# exit
$ rm -v /tmp/z
rm: remove write-protected regular empty file ‘/tmp/z’? n
$ls -l /tmp/z
-rw-r--r-- 1 root root 0 Jun 11 01:36 /tmp/z

You can't delete that file (easily) because of its file permissions. This can..

$ sudo rm -v /tmp/z
removed ‘/tmp/z

Most mainstream linux operating systems will not allow a non privileged user ($) to become root (#) unless they are allowed to do so by the 'sudo' configuration file "/etc/sudoers".

$ cat /etc/sudoers
cat: /etc/sudoers: Permission denied

The RPI has the 'pi' user in there by default..

$ sudo cat /etc/sudoers | grep pi
pi ALL=(ALL) NOPASSWD:ALL

..so you can say "sudo su -" with no password and gain root (#) privileges. The RPI is an educational tool. The feature is preset - ordinarily nobody can "sudo su -" on any linux system: it has to be set up by the administrator.

They key thing to look at is the permissions. Take "/tmp/z" (rw-r--r-). They are (loosely) presented as three pairs of three. Consider them as "rw-", "r--", "r--". The first set apply to the owner of the file, the second set to the group of the file, the third set to everybody else.

"/tmp/z" is owned by root(#). This is why unprivileged user ($) failed to delete the file. Group and Everyone else only get read access.

If you need to read manual pages then "$ man man" or "$ info info", "$ apropos -k {foo}" (aka: apropos -k chmod).

In summary, if you've read this far is this..

Because you've been "sudo-ing" stuff you've likely created a load of root-owned files. Now that you know not to do that your programs are not working because they can't change those root owned files. This can be tricky, even for an expert.

If you create only a few known files then "man chown" else back them up, reinstall, recover and forget you ever knew "sudo".

I know that's a lot of reading to do this weekend but if you can prove to your professor you are on the road understanding. :-)

Return to “Beginners”