[mod_python] modpython with root privilege

Graham Dumpleton graham.dumpleton at gmail.com
Sat Oct 4 20:28:18 EDT 2008 

2008/10/5 Handrix <handrix at gmail.com>:
> Hello,
>
> Well i need to run some modpython script with root permissions, how can i
> realize this ?
> i know that with CGI files we can use the suexec mode, so what about the
> modpython ?

To do that would require running all Apache processes as root. Ie.,
User equals root in Apache configuration. This would be a huge
security risk and should not be done as then everything running under
Apache would run as root.

If you can turn your application into a Python WSGI application, you
could use mod_wsgi instead and dedicate a daemon mode process to run
as root, with your WSGI application delegated to run in that process.

You would have to be very careful and would advise against running any
arbitrary user code on same Apache instance in case a misconfiguration
results in other users code running as root. There is a feature
planned for mod_wsgi which would require script owner to match daemon
process owner, which would help control things a bit more precisely
and limit risk some more, but still have to be careful of
misconfiguration.

Graham

More information about the Mod_python mailing list