Running python script as root
I have the following script:
```
#!/usr/bin/env python
import sys
import pyttsx

def main():
    print 'running speech-text.py...'
    engine = pyttsx.init()
    str = "Hi..."
    if len(sys.argv) > 1:
        str = sys.argv[1]
    engine.say(str)
    engine.runAndWait()

if __name__ == '__main__':
    main()
```
and I have placed it in /usr/bin/speech-test.py.
I have also given it executable permissions and ownership to root:
```
sudo chown root:root /usr/bin/speech-test.py
sudo chmod 4755 /usr/bin/speech-test.py
```
However, this script will only run correctly if I run it as `sudo speech-test.py`. If I try to run it as just `speech-test.py`, it complains about not finding a bunch of ALSA lib files.
Am I missing something to have my script run with root privileges?
Solution 1:[1]
I'm not really sure if this is a great method. I tried it and it works fine on Arch Linux. Let me know what you think. If you write a script to execute the .py as a different system group, that group can own a python interpreter and have specified root capabilities.
```
mkdir roottest && cd roottest
sudo cp /usr/bin/python<ver> ./
sudo groupadd -r rootpython
sudo usermod -a -G rootpython <user>
newgrp rootpython
sudo chown root:rootpython python<ver>
sudo chmod 750 python<ver>  # that way a normal user can't rwx the python interpreter and the rootpython group can't write
sudo setcap <caps> ./python<ver>  # now the group has the specified caps allowing it to act like root
sudo getcap ./python<ver>
sudo sh
touch rootfile && echo "original text" > rootfile
# open a new prompt as a regular user
newgrp rootpython
cd roottest && ./python<ver>
>>> open('rootfile', 'w').write("different text")
sudo cat rootfile
```
This method is way more secure than sudo if used properly because python can only do what you let it and does not have complete control of the system. The downside is having to either make a copy of the interpreter or to not allow the regular user's group to use it. DO NOT run all your python code like this, it's a big vulnerability if not needed. The cap_net_admin+ep will allow you to change the kernel var ip_forward and for the example above you need cap_dac_override+ep. You can also create a newuser that belongs to the rootpython group, that way you can't just newgrp rootpython without entering the newuser's password.
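An added example, not part of the original question or answers: a Python 3 audit helper for the two mechanisms discussed above. It flags a setuid bit on a `#!` script (as set by `chmod 4755` in the question; Linux ignores that bit when executing interpreted scripts) and decodes the `security.capability` extended attribute that `setcap` writes. The function names are hypothetical, and only the two capabilities named in the answer are mapped to names.

```python
import os
import stat
import struct
import sys

# Capability bit numbers from linux/capability.h (only the two the answer names).
CAP_NAMES = {1: "cap_dac_override", 12: "cap_net_admin"}
VFS_CAP_FLAGS_EFFECTIVE = 0x000001  # "e" flag stored in the low bits of the magic word


def parse_file_caps(blob):
    """Decode a security.capability xattr: (permitted cap names, effective flag)."""
    (magic,) = struct.unpack_from("<I", blob, 0)
    revision = magic >> 24
    words = 1 if revision == 1 else 2  # revision 1 stores a single 32-bit word
    permitted = 0
    for i in range(words):
        # Each word is a (permitted, inheritable) pair; inheritable is ignored here.
        low, _inheritable = struct.unpack_from("<II", blob, 4 + 8 * i)
        permitted |= low << (32 * i)
    names = [CAP_NAMES.get(bit, "cap_%d" % bit)
             for bit in range(64) if (permitted >> bit) & 1]
    return names, bool(magic & VFS_CAP_FLAGS_EFFECTIVE)


def audit(path):
    """Return a list of findings for one file (hypothetical helper)."""
    findings = []
    mode = os.stat(path).st_mode
    with open(path, "rb") as fh:
        is_script = fh.read(2) == b"#!"
    if mode & stat.S_ISUID and is_script:
        findings.append("setuid bit on a #! script: ignored by Linux at exec time")
    try:
        blob = os.getxattr(path, "security.capability")
    except (OSError, AttributeError):  # no such xattr, or no getxattr on this OS
        blob = b""
    if blob:
        names, effective = parse_file_caps(blob)
        findings.append("file capabilities: %s+%s"
                        % (",".join(names), "ep" if effective else "p"))
        if mode & stat.S_IXOTH:
            findings.append("capability-bearing file is executable by every user")
    return findings


if __name__ == "__main__":
    for target in sys.argv[1:]:
        print(target, audit(target) or ["no findings"])
```

Run it with one or more paths as arguments, for example the script in /usr/bin and the copied interpreter in the roottest directory.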
Solution 2:[2]
Idk but replacing `#!/usr/bin/env python` by `#!/bin/python` worked for me.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | JimiMyFr13nd |
Solution 2 | hDmtP |