SEO

Hi,
I want to find out the original user id of any given process..
Original user in the sense, if I had done su to user 'Y' from login
shell of user 'X' , then all the processes run by 'Y' on su shell
should report me that original user is 'X'. Well this was the basic
requirement, and most imp. requirement..

2. To complicate it further, if 'X' starts a daemon, can I get 'X' as
the original user from that daemon process ?
3. More than this if the new process or su (on Y from shell X) process
does a sesid (), can we still get the user as X ??

Thanks in advance!

for the question 3 above, "who am i" command gives the 'X' ... so how
does it work ???
Mind you preferrably I want to get all this information through a
kernel module.

Thanks.

run:

# tusc -o who.log "who am i"

and check the log file (who.log) for which system call "who" does..

//Michael

http://h21007.www2.hp.com/dspp/tech/...1,2894,00.html

This is not of much help. who either mostly reads utmp data, or it does
some ioctls.. While I want to find out this information from the proc
area (if possible), or some other better and authentic way.

Tx

iam.techy@gmail.com wrote:
> Hi,
> I want to find out the original user id of any given process..
> Original user in the sense, if I had done su to user 'Y' from login
> shell of user 'X' , then all the processes run by 'Y' on su shell
> should report me that original user is 'X'. Well this was the basic
> requirement, and most imp. requirement..
>
> 2. To complicate it further, if 'X' starts a daemon, can I get 'X' as
> the original user from that daemon process ?
> 3. More than this if the new process or su (on Y from shell X) process
> does a sesid (), can we still get the user as X ??
>

You should be able to get real user id by calling
crgetruid(cred_t *). Struct ucred * is passed to most
filesystem based entry points by upper layer. You
can also use functions such as crgeteuid() for
getting effective user-id. These kernel APIs may
get in-lined while building the kernel - so you
may need to pass additional compile switches if
the resulting driver does not link properly.

I don't see these being exported as part of of DDR
- I think one can submit such requests here ..

http://h21007.www2.hp.com/dspp/Onlin...914,74,00.html
(http://tinyurl.com/kvgov)

--vishwas

Hi Viswas,
Actually real uid is not what I wanted.. I wanted the original
user id. For example If I logged in as user "X", and then did a 'su' to
'Y', so now i am as user Y, and all my basic credentials are of 'Y'. If
I open a file using vi, the uid of this vi process is 'Y', but if you
look at it, its session leader is the base shell from where Y got
su'ed. so if I get get session leader through p_sid, I can get 'X'
(through some small juggelary).. So my basic requirement is met.
Now I want the same even if any process in Y does setsid() and changes
itself to session leader.. How do I get 'X' for it now ?
Same in the case of daemon, they arent associated with any session, so
how do I know who started this daemon..
I hope I confused u more ..

Thanks.

iam.techy@gmail.com wrote:
> Actually real uid is not what I wanted.. I wanted the original
> user id. For example If I logged in as user "X", and then did a 'su' to
> 'Y', so now i am as user Y, and all my basic credentials are of 'Y'. If
> I open a file using vi, the uid of this vi process is 'Y', but if you
> look at it, its session leader is the base shell from where Y got
> su'ed. so if I get get session leader through p_sid, I can get 'X'
> (through some small juggelary).. So my basic requirement is met.
> Now I want the same even if any process in Y does setsid() and changes
> itself to session leader.. How do I get 'X' for it now ?
> Same in the case of daemon, they arent associated with any session, so
> how do I know who started this daemon..
> I hope I confused u more ..

Thanks for explaining, but I'm not a PM expert. Hope
someone else would help you on this. But do not use
data structure traversing as a solution - as they
tend to be highly unportable/unreliable (esp. with
PM).

--vishwas.

Yeah, even I dont want to traverse such sophisticated data structures.
Ok, can you do me a favor, I dont think the real PM owners in CUP site
follow this news group, so can you fwd them my query (i think it is
pmdev or something similar) and get their opinions on possibility of
the answers.

Thanks a lot !!

On 2006-05-08, iam.techy@gmail.com <iam.techy@gmail.com> wrote:
> Hi Viswas,
> Actually real uid is not what I wanted.. I wanted the original
> user id. For example If I logged in as user "X", and then did a 'su' to

getlogin() on HP-UX last time I checked it behaves differently from other
Unix versions and may do what you want for logged-in users. It finds the
terminal and checks a wtmp or utmp record to find the username. (This is
sufficient to distringuish between different usernames with the same UID.)

You may find it doesn't work for daemons.

getlogin() on other systems reads an environment variable and should
not be trusted - use getuid() instead, or reproduce the above steps
with the terminal and other record.

On a system that has a "audit id" as well as uid and euid you might
access that but I've never done it.

--
Elvis Notargiacomo master AT barefaced DOT cheek
http://www.notatla.org.uk/goen/
Powergen write "Why not stay with us" - let me count the ways!

iam.techy@gmail.com wrote:
> Yeah, even I dont want to traverse such sophisticated data structures.
> Ok, can you do me a favor, I dont think the real PM owners in CUP site
> follow this news group, so can you fwd them my query (i think it is
> pmdev or something similar) and get their opinions on possibility of
> the answers.
>
I don't know if forwarding is the right thing to do (policy!).
You can probably post the same at

HPUX ITRC forum ..
http://forums1.itrc.hp.com/service/f...o?familyId=117

or at DSPP...
http://h21007.www2.hp.com/dspp/Onlin...914,74,00.html
(http://tinyurl.com/kvgov)

or ask HP support.

--vishwas.