[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Google
  Web www.spinics.net

Re: get logged in username



On Sat, Sep 19, 2009 at 12:35:44PM +0430, Mohsen Alimomeni wrote:
> This is the exact scenario:
> When I use the command "ssh admin@host", the user is authenticated by
> a custom Pam module, and it's given the UID, GID and shell from a
> custom nss module. The shell is also a custom CLI, which needs the
> username - not the UID - to operate well. 

This is a fine example of why usernames and UIDs should always have a
1-to-1 correspondence.  As far as the OS is concerned, the UID is what
identifies a user uniquely, not its username.  Also, you've reduced
the accountability of your system: for example, if user "foo" and
user "bar" both have UID 1234, then when bar creates a file, it will
appear to have been created by foo (assuming foo appears first in
/etc/passwd, or is returned first in whatever mechanism your system
uses to look up UIDs and usernames).  Likewise, when user bar does
something that normally gets logged, it will be logged under user foo
(given the same conditions).

This is, in general, bad.  You likely may encounter other things which
break subtlely, or not so subtlely.  I don't know what problem you're
trying to solve by doing this, but there's probably a better way.

-- 
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D

Attachment: pgpiYfjdT0o9v.pgp
Description: PGP signature


[Home]     [Fedora Users]     [Fedora Legacy]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

Add to Google Powered by Linux