The most reliable way to identify the current user via sudo
I have an app that may or may not run while a user is sudo'd to a shared user account. For some kind of “honor system” ACL, I want to reliably determine who the real user is. I think there are ways to trace parent/group/session process IDs the way the pstree command does, but I’m not sure how best to do it or if there’s a better option.
I initially tried getlogin(). It works if you use ./myapp, but it fails with ‘cat input | ./myapp’ (because the “control terminal” is a pipe owned by the shared account).
I’d rather not trust environment variables because I don’t want my “honor system” to be completely hindered by a simple unset, while the information is still available elsewhere.
I also want to avoid forced lookups in the password database because this is a remote RPC (NIS or LDAP) and I’m pretty sure wtmp already contains the information I need.
Solution
For shell scripts, you can use this to get the sudo user:
WHO=$(who am i | sed -e 's/ .*//')
and extract the ID from the login using the following method:
ID_WHO=$(id -u "$WHO")
I’ll figure out the equivalent C library later.
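A C counterpart to the who am i lookup, added here as an example (it is not the answerer's code): it finds the terminal by trying stdin, stdout and stderr, so the ‘cat input | ./myapp’ case from the question still resolves, then reads the login name from the utmp record for that terminal without touching the password database. The function names are illustrative assumptions; the utmpx calls are the standard POSIX ones.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <utmpx.h>
/* Added example; function names are illustrative, not from the page. */

/* utmp stores the line without the "/dev/" prefix ("pts/3", "tty1"). */
static const char *strip_dev_prefix(const char *tty_path)
{
    return strncmp(tty_path, "/dev/", 5) == 0 ? tty_path + 5 : tty_path;
}

/* Copy the login name recorded for tty_path into out; 0 if found, else -1. */
int login_user_for_tty(const char *tty_path, char *out, size_t outlen)
{
    struct utmpx *ent;
    int rc = -1;
    if (tty_path == NULL || out == NULL || outlen == 0)
        return -1;
    const char *line = strip_dev_prefix(tty_path);
    setutxent();
    while (rc != 0 && (ent = getutxent()) != NULL) {
        if (ent->ut_type == USER_PROCESS &&
            strncmp(ent->ut_line, line, sizeof ent->ut_line) == 0) {
            /* ut_user is fixed-width and may lack a terminating NUL */
            snprintf(out, outlen, "%.*s", (int)sizeof ent->ut_user, ent->ut_user);
            rc = 0;
        }
    }
    endutxent();
    return rc;
}

/* stdin may be a pipe (cat input | ./myapp), so try stdout and stderr too. */
const char *find_tty_path(void)
{
    const char *p = NULL;
    for (int fd = 0; fd <= 2 && p == NULL; fd++)
        p = ttyname(fd);
    return p;
}

int main(void)
{
    char user[64];
    if (login_user_for_tty(find_tty_path(), user, sizeof user) != 0)
        return 1;   /* no terminal on fds 0-2, or no utmp record for it */
    puts(user);
    return 0;
}
```

The lookup finds nothing when all three descriptors are redirected or when the terminal has no utmp record, so the caller needs a policy for the "unknown user" case.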