The most reliable way to identify the current user through sudo

I have an application that may or may not be run while users are connected to a shared user account. I would like to reliably determine who the real user is for a kind of "honor system" ACL. I think there is some way of tracking the parent / group / session process, as the pstree command does, but I'm not sure how best to do it or whether there are better alternatives.

I tried getlogin() initially. This works if ./myapp is used, but fails with "cat input | ./myapp" (because the "controlling terminal" is a pipe belonging to the shared account).

I would rather not trust the environment variables, since I do not want my "honor system" to be completely broken by a simple unset when the information is still available elsewhere.

I would also like to avoid forcing a lookup in the password database because it is a remote RPC (NIS or LDAP), and I am sure wtmp already contains the information I need.

+3
3 answers

For a shell script, you can use this to get the user sudo'ing:

WHO=$(who am i | sed -e 's/ .*//')

and extract the id from the input using:

ID_WHO=$(id -u "$WHO")

I will choose the equivalent of the C library later.

+2

sudo sets the environment variables SUDO_USER, SUDO_UID and SUDO_GID.

$ sudo env
[sudo] password for shteef: 
TERM=xterm
# [...snip...]
SHELL=/bin/bash
LOGNAME=root
USER=root
USERNAME=root
SUDO_COMMAND=/usr/bin/env
SUDO_USER=shteef
SUDO_UID=1000
SUDO_GID=1000

+1

#!/usr/bin/ksh
# id prints e.g. "uid=0(root) gid=0(root) ..."; keep only the "0(root)" part
username=`id | cut -d"=" -f2 | cut -d" " -f1`

if [ "$username" = "0(root)" ]
then
  print "Yes, the user is root"
else
  print "Sorry! the user $username, is not a root"
fi

+1
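
The process-ancestry idea raised in the question, as an added example that is not part of the original thread: a POSIX shell function that follows PPid links and reports the first ancestor whose real UID is neither the shared account's nor root's, without reading environment variables or the passwd database. It assumes Linux, where /proc/<pid>/status carries "PPid:" and "Uid:" lines; the names invoking_uid and status_field and the optional proc-root argument are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: Linux /proc/<pid>/status
# with "PPid:" and "Uid:" lines; the first value after "Uid:" is the real UID.

# status_field ROOT PID FIELD -> prints the first value on the "FIELD:" line.
# Fails (non-zero) when the status file cannot be read.
status_field() {
    awk -v key="$3:" '$1 == key { print $2; exit }' "$1/$2/status" 2>/dev/null
}

# invoking_uid [PID] [ROOT]
# Starting at PID (default: this shell), climb the parent chain and print the
# real UID of the first ancestor that is neither the starting UID nor 0.
# Root ancestors are skipped because setuid helpers such as sudo or su, and
# daemons such as sshd, may appear in the chain with real UID 0.
# Returns 1 when no such ancestor exists (e.g. a direct login to the account).
# Honor-system caveat: a process reparented to init has lost its ancestry,
# so the walk then finds nothing.
invoking_uid() {
    pid=${1:-$$}
    root=${2:-/proc}
    start_uid=$(status_field "$root" "$pid" Uid) || return 1
    [ -n "$start_uid" ] || return 1
    while [ "$pid" -gt 1 ]; do
        pid=$(status_field "$root" "$pid" PPid) || return 1
        [ -n "$pid" ] && [ "$pid" -ge 1 ] || return 1
        uid=$(status_field "$root" "$pid" Uid) || return 1
        case $uid in
            ''|0|"$start_uid") ;;                     # keep climbing
            *) printf '%s\n' "$uid"; return 0 ;;      # first other user
        esac
    done
    return 1
}
```

Called with no arguments, invoking_uid starts from the calling shell under /proc; a non-zero status means the ancestry holds no user other than the account itself and root.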

Source: https://habr.com/ru/post/1731684/