Any "blessed" way to run a plug in with root permissions ?

Forum rules

This is a legacy forum which is locked for new topics. New topics should be started in one of the other forums under Extending Indigo

Posted on
Sun Mar 24, 2013 9:25 am
asw24b offline
Posts: 222
Joined: Dec 30, 2007
Location: Los Altos Hills, CA

Any "blessed" way to run a plug in with root permissions ?

I wanted to create a simple syslog listener so I can monitor my Apple AirPort for people trying to hack it from the outside.

The plug in would be ~30 lines of code; unfortunately when I try to open a listener on UDP port 514, I get:


Traceback (most recent call last):
File "plugin.py", line 123, in runConcurrentThread
File "/System/Library/Frameworks/Python.framework/Versions/2.5/Extras/lib/python/twisted/internet/posixbase.py", line 364, in listenUDP
File "/System/Library/Frameworks/Python.framework/Versions/2.5/Extras/lib/python/twisted/internet/udp.py", line 101, in startListening
File "/System/Library/Frameworks/Python.framework/Versions/2.5/Extras/lib/python/twisted/internet/udp.py", line 109, in _bindSocket
<class 'twisted.internet.error.CannotListenError'>: Couldn't listen on any:514: (13, 'Permission denied').


Any creative ideas ?

Thanks !

Mike

Posted on
Sun Mar 24, 2013 2:24 pm
matt (support) offline
Site Admin
User avatar
Posts: 21411
Joined: Jan 27, 2003
Location: Texas

Re: Any "blessed" way to run a plug in with root permissions

How about using ipfw as detailed here so that the plugin is listening to a higher port number but that get forwarded to the lower (root only) port space?

Image

Posted on
Mon Mar 25, 2013 5:59 pm
Perry The Cynic offline
Posts: 836
Joined: Apr 07, 2008

Re: Any "blessed" way to run a plug in with root permissions

I wanted to create a simple syslog listener so I can monitor my Apple AirPort for people trying to hack it from the outside.

Whenever you're tempted to the root side of the force, look hard to see if you can stay on the righteous path instead. In your case, you can configure syslogd to receive log messages from network devices and write them to a local file that mere mortal processes can read. If you feel tricky, you can even make syslogd write to a named pipe or Unix Domain Socket that your plugin is listening on. It obviously depends on your comfort level with UNIX coding.

Cheers
-- perry

Page 1 of 1

Who is online

Users browsing this forum: No registered users and 3 guests