18

I have got postfix installed on my machine and I am updating virtual_alias on the fly programmatically (using python) (on some action). Once I update the entry in the /etc/postfix/virtual_alias, I am running the command:

sudo /usr/sbin/postmap /etc/postfix/virtual_alias 2>>/work/postfix_valias_errorfile
But I am getting the error:
sudo: sorry, you must have a tty to run sudo

I want to run the mentioned sudo command in a non-human way (meaning, I am running this system command from a python script). So how do I get this command run programmatically?

6 Answers

21

You can either run your python script as root itself - then you won't need to add privilege to reload postfix.

Or you can configure sudo to not need a password for /etc/init.d/postfix.

sudo configuration (via visudo) allows NOPASSWD: to allow the command without a password. See http://www.sudo.ws/sudo/man/sudoers.html#nopasswd_and_passwd

<username>  ALL = NOPASSWD: /etc/init.d/postfix

or something similar.


2 Comments

Douglas! How do I configure sudo to not need a password on that script (/etc/init.d/postfix reload) alone?
Making sudo not need a password is a subject of sudoers, and out of the scope of a programming question; sudo can be configured per program per user.
3
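#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

// gcc -o reload_postfix reload_postfix.c
// chown root reload_postfix
// chmod +s reload_postfix

int main( int argc, char **argv ) {
    // Make the real UID match the effective UID (root, via the setuid bit).
    if ( setuid( geteuid() ) != 0 ) {
        perror("setuid");
        return EXIT_FAILURE;
    }
    // system() runs the command through /bin/sh and returns its wait status.
    return system("/etc/init.d/postfix reload") == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}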

Wrap your command in setuid-ed program. This will let any user restart postfix. You can of course further restrict the execute permission to certain groups.

3 Comments

I was talking about python script!
Since you're making postfix configuration changes, I assumed this is for a server and that security would be far more important than using a specific programming language. You can't setuid() scripts because of the way they are executed, hence this solution (a very common one).
sudo is considered to be a superior way to gain root privileges. It changes the idea of scattering setuid bits across the filesystem to a single executable capable of that functionality (sudo) with central configuration, more flexible policies and auditable usage.
3

To answer the error: "sudo: sorry, you must have a tty to run sudo", we have a setting called "Defaults requiretty" in the sudoers file. I tried commenting it out and it worked :D.

1 Comment

The other way is to stick an exclamation mark in front of requiretty i.e. "Defaults !requiretty". That way anyone reading the sudoers file can see that you're explicitly allowing sudo without a tty
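An added example (not code from any of the answers above) that ties the NOPASSWD and requiretty answers back to the question's postmap call: it runs sudo with -n and an argument list instead of a shell string, and maps the two sudo errors to the sudoers setting behind each. The account name mailapp, the per-user Defaults line and the function names are assumptions made for this example.

```python
import subprocess

# Assumed sudoers entries (edit with visudo); "mailapp" is a hypothetical
# account that runs the Python script:
#   Defaults:mailapp !requiretty
#   mailapp ALL = NOPASSWD: /usr/sbin/postmap /etc/postfix/virtual_alias
POSTMAP = "/usr/sbin/postmap"
ALIAS_FILE = "/etc/postfix/virtual_alias"


def postmap_argv(alias_file=ALIAS_FILE):
    """Build the argv list; -n makes sudo fail instead of prompting."""
    if alias_file != ALIAS_FILE:
        # The sudoers rule pins the argument, so anything else is refused.
        raise ValueError("unexpected alias file: %r" % alias_file)
    return ["sudo", "-n", POSTMAP, alias_file]


def diagnose(returncode, stderr):
    """Map a sudo failure to the sudoers setting that causes it."""
    if returncode == 0:
        return "ok"
    if "you must have a tty" in stderr:
        return "requiretty is set: add 'Defaults:<user> !requiretty'"
    if "a password is required" in stderr:
        return "no NOPASSWD rule matched this exact command line"
    return "postmap or sudo failed: " + stderr.strip()


def rebuild_alias_map():
    """Run postmap through sudo without a shell, tty or password."""
    proc = subprocess.run(postmap_argv(), stdin=subprocess.DEVNULL,
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                          universal_newlines=True)
    return diagnose(proc.returncode, proc.stderr)


if __name__ == "__main__":
    print(rebuild_alias_map())
```

Because the sudoers rule names both the binary and its argument, the account can rebuild this one map and nothing else.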
2
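import os
# sudo -S reads the password from stdin and expects a trailing newline.
with os.popen("sudo -S /etc/init.d/postfix reload", "w") as sudo_stdin:
    sudo_stdin.write("yourpassword\n")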

This of course is almost always not a good idea as the password is in plain text.

3 Comments

A sudo password in plaintext is a TERRIBLE idea, there are far more secure ways. The setuid bit specifically addresses this concern.
Plain text password? Eeek! Set NOPASSWD in /etc/sudoers for the user or group, so no password will need to be supplied to sudo.
It's not that much of a bad idea if you want a quick and dirty solution on your own personal computer. It's just bad in a production environment.
1

If you're gonna do this in python you should just do the following:

Write this command before the line where you call the shell command:

os.setuid(os.geteuid())

Then, you call the shell command without the "sudo" prefix.


0

See StackLick

You need to grant a user permission to run the sudo command without a password.
