Python远程过程调用(不带远程部分)
我有一个不以 root 身份运行的 Python 服务器,它面向我正在开发的应用程序。然而,有一些应用程序功能需要访问 RAW 套接字,这意味着 root 权限。
显然,我不想以 root 身份运行主服务器,因此我的解决方案是创建一个守护进程进程或命令行脚本,以 root 身份运行,提供对所述功能的受保护访问。
但是我想搁置 stdin/stdout 通信并使用 RPC 风格的交互,例如 Pyro< /a>.但这会将 RPC 接口暴露给任何可以通过网络访问该计算机的人,而我知道调用 RPC 方法的进程将是同一台计算机上的另一个进程。
是否没有一种可以以类似(仅限本地计算机)方式使用的进程间过程调用标准?我想象服务器会做这样的事情:
# Server not running as root
pythonically, returned, values = other_process_running_as_root.some_method()
并且以 root 身份运行的进程公开一个方法:
# Daemon running as root
@expose_this_method
def some_method():
# Play with RAW sockets
return pythonically, returned, values
这样的事情可能吗?
I have a Python server which is not running as root, which fronts an application I am developing. However there are some application features which require access to RAW sockets which means root privileges.
Obviously I do not want to run the main server as root, and so my solution is to create a daemon process or command line script which runs as root providing guarded access to said features.
However I want put aside stdin/stdout communication and use an RPC style of interaction such as Pyro. But this exposes the RPC interface to anyone with network access to the machine, whereas I know that the process calling the RPC methods will be another process on the same machine.
Is there not a sort of inter-process procedure call standard which could be used in a similar (local machine only) fashion? I imagine the server doing something like this:
# Server not running as root
pythonically, returned, values = other_process_running_as_root.some_method()
And the process running as root exposing a method:
# Daemon running as root
@expose_this_method
def some_method():
# Play with RAW sockets
return pythonically, returned, values
Is anything like this possible?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
根据我的评论,我很想看看这是否可能,所以我尝试将其放在一起: https:/ /github.com/takowl/ZeroRPC
请记住,这是在一个小时左右的时间内拼凑而成的,因此它几乎肯定不如任何严重的解决方案(例如,服务器端的任何错误都会使其崩溃......) 。但它按照您的建议工作:
服务器:
客户端:
Following my comment, I was interested to see if it was possible, so I had a go at putting this together: https://github.com/takowl/ZeroRPC
Bear in mind that this is thrown together in an hour or so, so it's almost certainly inferior to any serious solution (e.g. any errors on the server side will crash it...). But it works as you suggested:
Server:
Client:
这是一个简单的问题。您应该能够从任何可以使用 Unix 套接字的 RPC 机制中获得您想要的内容,或者使用常规 TCP 套接字但仅接受来自环回接口的连接(侦听 127.0.0.1)。
Python标准库中的多处理库也支持本地IPC。 http://docs.python.org/library/multiprocessing.html#module -multiprocessing.connection
This is an easy problem. You should be able to get what you want from any RPC mechanism that can use Unix sockets, or use regular TCP sockets but only accept connections from the loopback interface (listen on 127.0.0.1).
The multiprocessing library in the Python standard library supports local IPC, too. http://docs.python.org/library/multiprocessing.html#module-multiprocessing.connection
Pyro 有许多安全功能专门用于限制访问到 RPC 接口。使用这些是否会对性能造成太大负担?
Pyro has a number of security features specifically to limit the access to the RPC interface. Are these too much of a performance burden to use?