我有一个python脚本,打算以用户iron_nads身份运行。用户没有shell或凭据:
[master_bones@everest ~]$ grep iron_nads /etc/passwd
iron_nads:x:36000:36000:iron_nads user.:/var/empty/iron_nads:/sbin/nologin
此用户可以成功列出/ var / log:
[master_bones@everest ~]$ sudo -u iron_nads /bin/ls /var/log/
maillog
cron
messages
但是,当我在Python解释器中尝试相同的命令时,我得到了一个拒绝的权限:
[master_bones@everest ~]$ sudo -u iron_nads python
>>> import subprocess
>>> subprocess.call(['/bin/ls', '/var/log'], shell=True)
Traceback (most recent call last):
File "<stdin>", line 1, in ?
File "/usr/lib64/python2.4/subprocess.py", line 419, in call
return Popen(*args, **kwargs).wait()
File "/usr/lib64/python2.4/subprocess.py", line 550, in __init__
errread, errwrite)
File "/usr/lib64/python2.4/subprocess.py", line 993, in _execute_child
raise child_exception
OSError: [Errno 13] Permission denied
有趣的是,os.listdir()有效:
>>> os.listdir('/var/log')
['maillog', 'cron', 'messages']
我尝试使用shell = False,如下所示:
>>> subprocess.call(['/bin/ls', '/var/log'], shell=False)
我也尝试过:
>>> subprocess.call('/bin/ls /var/log', shell=True)
不幸的是,两者都会导致相同的Permission denied错误。
可能导致此问题的原因是什么?