I host a Flask web app on a Raspberry Pi that has controls for my LED light strip. It all works great when I run the server with Python as the root user, but I am having difficulty deploying it with Apache mod_wsgi. I want to use https, so deploying it seems to be necessary, but Apache doesn't seem to allow running servers with root privileges. Root is necessary to control the lights through a library that is imported in the Flask server.
Is there any way to deploy a Flask server with root privileges? If not, is it possible to use https (from letsencrypt.org) without deploying? Are there any other ways to get around this problem?
I would not run the web server as root for security reasons.
Instead, I suggest to:
You mention deployment; if you are packaging this into an RPM, I would put the sudo definitions in /etc/sudoers.d/youpackage
Another option would be to split your app and use some sort of messaging system, either by having rows in a database table or by using a messaging server such as RabbitMQ (there are other servers, but I find it very easy to set up). A separate process running as root would do the actual turning on/off of the lights. Your frontend would simply send a message like "lights off", and the other process, which could be running as root, would get a message when needed. The advantage of this approach is that the web process never has any root privilege, and even if it has a hole, damage is limited.
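A sketch of the database-table variant described in the answer above, added here as an example and not code from the original post: the unprivileged web process only inserts rows, and the root worker acts solely on commands it finds in a fixed allowlist. The SQLite table layout, the `ALLOWED` set and the function names are assumptions made for illustration.

```python
import sqlite3

# Assumption: the complete set of actions the root worker will ever perform.
ALLOWED = {"lights on", "lights off"}

SCHEMA = """CREATE TABLE IF NOT EXISTS queue (
    id      INTEGER PRIMARY KEY AUTOINCREMENT,
    command TEXT NOT NULL,
    status  TEXT NOT NULL DEFAULT 'pending')"""


def open_queue(path):
    """Open (and create if needed) the queue database shared by both processes."""
    db = sqlite3.connect(path)
    db.execute(SCHEMA)
    db.commit()
    return db


def enqueue(db, command):
    """Web side (no root): record a request. Parameter binding keeps it inert data."""
    cur = db.execute("INSERT INTO queue (command) VALUES (?)", (command,))
    db.commit()
    return cur.lastrowid


def drain(db, apply):
    """Root side: process pending rows in order; returns [(row_id, status), ...].

    `apply` is the hypothetical callable that drives the LED library. It only
    ever receives a string that is a member of ALLOWED.
    """
    rows = db.execute(
        "SELECT id, command FROM queue WHERE status = 'pending' ORDER BY id"
    ).fetchall()
    results = []
    for row_id, command in rows:
        if command in ALLOWED:
            apply(command)
            status = "done"
        else:
            status = "rejected"  # never interpreted, never passed to a shell
        db.execute("UPDATE queue SET status = ? WHERE id = ?", (status, row_id))
        results.append((row_id, status))
    db.commit()
    return results


if __name__ == "__main__":
    db = open_queue(":memory:")            # a file path in a real two-process setup
    enqueue(db, "lights off")
    enqueue(db, "lights off; reboot")      # constructed hostile input
    applied = []
    print(drain(db, applied.append), applied)
```

In a two-process deployment both sides would open the same database file, with file permissions that let the web user write to it and nothing else owned by root.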