[mod_python] process privileges

Eric Walstad eric at ericwalstad.com
Fri Aug 26 14:38:13 EDT 2005


On Friday 26 August 2005 11:08, Jon-Pierre Gentil wrote:
> On Friday 26 August 2005 11:31 am, Khormaee, Cy wrote:
> > I'm currently trying to run pdflatex on a machine with RedHat
> > Linux Corporate 3.0 by calling the os.system() command from mod
> > python.  I am able to complete this operation from the command
> > line python interpreter, but ill I get back when trying to run
> > the command from apache/mod python all I receive is '256' and no
> > changes are made to the file system.  All of the folders involved
> > are set for full access(unix privilege 777).  My current guess is
> > that this issue has something to do with apache's priority, but
> > haven't been able to confirm this suspicion yet.  If you can
> > provide any hints on how to debug this it would be much
> > appreciated.
>
> If you could show us some code it would help.  Having a different
> priority should not affect filesystem access, but running in apache
> is a lot different than running manually in the interpreter, since
> you would run as a completely different user and most likely not
> have a home directory.

I've had luck running a system process triggered with mod_python by:

 1.  setup the sudo file to allow the Apache process (user www-data on 
my debian box) to run a particular shell command.  Here a sample of 
my sudo file:

# User alias specification
User_Alias      APACHE = www-data
# Cmnd alias specification
Cmnd_Alias      MOD_PYTHON_BRANCH = /path/to/shell/script.sh
# User privilege specification
APACHE          LOCALHOST = NOPASSWD: MOD_PYTHON_BRANCH

 2.  Call the register_cleanup method of the mod_python request object 
to basically detach the system process (the shell script) from the 
mod_python request.  You may not need to do it this way, but I did 
because my shell script took a long time to complete and I didn't 
want the web user waiting for it to complete.

    req.register_cleanup(buildIt, working_dir)

def buildIt(working_dir):
    """The 'callable object' needed by req.register_cleanup.
    All this does is call the shell script.
    """
    r, shell_script_output = \
      commands.getstatusoutput(SHELL_SCRIPT_COMMAND % working_dir)

If you search the mod_python list archives for my email address and 
"register_cleanup" you will find more details.

I hope that helps.

Eric.


More information about the Mod_python mailing list