Connect plugin to program

John (J5) Palmieri johnp at redhat.com
Mon Sep 15 08:41:34 PDT 2008


On Sun, 2008-09-14 at 13:14 +0200, Timo wrote:
> Ignacio Vazquez-Abrams schreef:
> > On Sat, 2008-09-13 at 14:23 +0200, Timo wrote:
> >   
> >> Hello all, I want to know if the following can be done with d-bus.
> >> I have written a program that needs to do all of it's commands as root, 
> >> so I always start it as root. Now I want to write a plugin for a 
> >> messenger client that also needs to do these commands, but instead of 
> >> activating the plugin as root, I was thinking if it was possible to 
> >> start my main program (as root ofcourse) and then let the plugin use the 
> >> commands in the program. So the plugin can be used as normal user, but 
> >> can execute commands that need root-privileges.
> >> Can d-bus do something like this? The program + plugin are written in 
> >> Python.
> >>     
> >
> > Take a look at hal and gnome-volume-manager for an example of something
> > like this.
> >
> >   
> 
> Thanks, but I know very little about C, so has anyone tips/examples for 
> doing this in Python?
> 
> I found a simple example ( 
> http://www.flaper87.org/2008/06/04/communicating-with-our-application-using-python-and-dbus 
> ), and it works. But if I start the code as root (like my program will 
> be), I can't connect to it as normal user.
> 
> Timo

First you should check out oddjob
(http://people.redhat.com/nalin/oddjob/) which runs scripts as root but
also supplies a security model on top.  It is written in C but uses XML
files to describe what messages to execute scripts on and who has access
to those scripts.

Secondly, if you want to talk to a daemon running on the system bus,
that daemon must have an associated policy file which describes who can
talk to that daemon.  Check out /etc/dbus-1/system.d for examples.
Remember if you don't configure that correctly it could become a huge
security hole.

 
-- 
John (J5) Palmieri <johnp at redhat.com>



More information about the dbus mailing list