Dear brothers, I will try my very best to do this right.

Here we go: last week I was looking for an alternative to sudo.

https://www.sudo.ws/other.html

Why? Because of this:

https://security.stackexchange.com/questions/219989/sudo-white-list-just-program-perl

For Python I found:

https://github.com/openstack/oslo.privsep
OpenStack’s privilege mechanism has evolved over time from simple sudoers file to rootwrap. The rootwrap security policy revolves around whitelisting particular command lines via the configuration of various “filters”. Configuring these correctly are hard, because the filters have limited expressiveness, command line tools typically weren’t expected to be the privilege boundary, and the “context” of the original operation has already been lost at this level.

Generating command lines and parsing textual output from tools is slow and susceptible to inconsistencies across tool versions, since typically this output was not designed as a programmatic API.

This spec proposes a new privilege mechanism that is based around python function calls rather than command lines.

OpenStack library for privilege separation

This library helps applications perform actions which require more or less privileges than they were started with in a safe, easy to code and easy to use manner.

In a similar way to rootwrap-daemon, privsep runs two processes - one with and one without privileges. The privileged process is as minimal as possible, and is written to assume it is possibly under attack by the unprivileged process.

To limit the impact of a potential exploit, this spec proposes the privileged process support the use of Linux capabilities to allow the process to drop broad root (uid=0) superpowers but keep a limited subset

So my question: do you know of a Perl program or C library like this Python library?

If none exists, I will try this approach: see the post by Nominal Animal

https://stackoverflow.com/questions/13040644/setuid-equivalent-for-non-root-users

What do you think about this approach?
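The two-process, function-call boundary that the quoted oslo.privsep text describes, shown in C as an added example (not part of the original post and not oslo.privsep code). The names `privsep_start`, `privsep_call` and `OP_HELPER_EUID`, and the uid/gid 65534, are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

enum { OP_HELPER_EUID = 1 };  /* hypothetical op: the whole privileged API */
struct req { unsigned op; };
struct rep { int status; unsigned value; };

/* Privileged side: assume the peer is hostile, refuse anything not listed. */
static void serve(int fd) {
    struct req q;
    while (recv(fd, &q, sizeof q, 0) == (ssize_t)sizeof q) {
        struct rep r = { -1, 0 };
        if (q.op == OP_HELPER_EUID) { r.status = 0; r.value = geteuid(); }
        if (send(fd, &r, sizeof r, MSG_NOSIGNAL) < 0) break;
    }
    _exit(0);
}

/* Fork the helper first, then drop root in the caller (skipped unless root). */
int privsep_start(uid_t uid, gid_t gid) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { close(sv[1]); serve(sv[0]); }
    close(sv[0]);
    if (uid != 0 && geteuid() == 0 &&
        (setgroups(0, NULL) || setgid(gid) || setuid(uid))) return -1;
    return sv[1];
}

/* Unprivileged side: one request, one fixed-size reply; -1 on refusal. */
int privsep_call(int fd, unsigned op, unsigned *out) {
    struct req q = { op };
    struct rep r;
    if (send(fd, &q, sizeof q, MSG_NOSIGNAL) != (ssize_t)sizeof q) return -1;
    if (recv(fd, &r, sizeof r, 0) != (ssize_t)sizeof r || r.status) return -1;
    *out = r.value;
    return 0;
}

int main(void) {
    unsigned v = 0;
    int fd = privsep_start(65534, 65534);  /* assumed "nobody" uid/gid */
    if (fd < 0 || privsep_call(fd, OP_HELPER_EUID, &v) < 0) return 1;
    return printf("helper euid=%u, caller euid=%u\n", v, (unsigned)geteuid()) < 0;
}
```

The request carries only an opcode, never a command line, so the helper decides what each operation means. The capability reduction mentioned in the quoted text would go in the helper before it starts serving requests and is not shown here.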


In reply to Modern and Robust Module for privilege separation Linux by Thenothing
