Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

getting uid & euid of a process

Posted on 1998-10-10
7
Medium Priority
?
940 Views
Last Modified: 2008-02-26
How is it possible to get the real & effective user id of
a given process?

The idea is to call something like geteuid(), from inside a
c program, to get the effective user id of ANOTHER process
(let's say the father).
0
Comment
Question by:mliberi
  • 3
  • 3
7 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 2007386
man proc
pcred()
0
 
LVL 3

Author Comment

by:mliberi
ID: 2007387
thank you for your reply, but I can't accept it because it didn't help me resolving the problem.

I didn't find any reference to pcred() function in the system documentation, AIX 4.1.5

About 'man proc' the system simply replied:
proc Command for the Kernel Debug Program

to be clearer I would like the code for such a function

int getpeuid(int pid)
/* get the effective user id for process pid */
{
  /* place the code here */
  /* possibly without forking */
  /* must compile and run in *any* unix compliant O.S */
}
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 2007388
Oops, thought that proc() is standard UNIX.
Anyway, check if AIX supports /proc, if so you can check with:

   ls -l /proc/<pid>/

Use a pid of the current user, then you may also do:

   cat /proc/<pid>/status

Another posibility:  man -k pstat
(sorry don't have AIX handy)

> /* must compile and run in *any* unix compliant O.S */
AFAIK, you have to manage this with OS-dependent #defines.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 1

Accepted Solution

by:
ksb earned 200 total points
ID: 2007389
You can't.  It can change (setreuid(), setuid()) and you must be root to read kmem on older vmunix's (that do not have /proc).

You can get a guess on systems that support /proc, but it could change in the next instruction.  What are you really trying to do?

If you want a process to prove it is running as a User you _can_ do that with 100% portable code -- but it'll cost you points.

0
 
LVL 3

Author Comment

by:mliberi
ID: 2007390
Ok. It doesn't seem to be an easy task.
Let's try do put the question in other terms:

the program I'm writing runs with S_ISUID bit set with superuser authority, do some work as superuser and then forks. I want the child process to run with normal user authority, so, before it 'exec', it has to restore the previous effective user id. The problem is how to get such an information!

example:
process A, uid=x euid=y,   exec my program that is owned by root    and has S_ISUID bit set, so process B has been generated. I have no control on process A code, it could be *any* program.

process B, uid=x euid=0, do some work as superuser, and before
exec'ing a new file, I want it to restore old euid by calling seteuid(y).

Unfortunately 'exec' system call doesn't save old euid before changing it, so the idea was to retrieve the euid of the parent with a function like the one I requested; but a cleaner and safer way to get that information would be greatly appreciated. In fact it is not true, generally speaking, that the parent process is still alive when the child tries to retrieve it's effective user id.

Obviously the proposed solution must be system independent and use only standard system call.

If you need any other information about the question, please append a new comment.

Thank you very much for your reply to my question.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 2007391
in your code:
1. save euid before seteuid()
2. remember that after a fork the child process has access to all
   variables of the parent, even the saved euid
3. so you may either do a seteuid(saved euid) in your child
   before exec()ing, or you may pass the saved euid as parameter
   to the program exec'd

You just use libc, you don't need platform specific knowledge and calls.
Is this what you need?
0
 
LVL 3

Author Comment

by:mliberi
ID: 2007392
I can't save old euid, because I have no control on the code
that exec my program (usually a shell).
When my program begins running the euid has ALREADY been changed
by 'exec'.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you do backups in the Solaris Operating System, the file system must be inactive. Otherwise, the output may be inconsistent. A file system is inactive when it's unmounted or it's write-locked by the operating system. Although the fssnap utility…
Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
Suggested Courses
Course of the Month11 days, 19 hours left to enroll

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question