Solved

getting uid & euid of a process

Posted on 1998-10-10
7
912 Views
Last Modified: 2008-02-26
How is it possible to get the real & effective user id of
a given process?

The idea is to call something like geteuid(), from inside a
c program, to get the effective user id of ANOTHER process
(let's say the father).
0
Comment
Question by:mliberi
  • 3
  • 3
7 Comments
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
man proc
pcred()
0
 
LVL 3

Author Comment

by:mliberi
Comment Utility
thank you for your reply, but I can't accept it because it didn't help me resolving the problem.

I didn't find any reference to pcred() function in the system documentation, AIX 4.1.5

About 'man proc' the system simply replied:
proc Command for the Kernel Debug Program

to be clearer I would like the code for such a function

int getpeuid(int pid)
/* get the effective user id for process pid */
{
  /* place the code here */
  /* possibly without forking */
  /* must compile and run in *any* unix compliant O.S */
}
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
Oops, thought that proc() is standard UNIX.
Anyway, check if AIX supports /proc, if so you can check with:

   ls -l /proc/<pid>/

Use a pid of the current user, then you may also do:

   cat /proc/<pid>/status

Another posibility:  man -k pstat
(sorry don't have AIX handy)

> /* must compile and run in *any* unix compliant O.S */
AFAIK, you have to manage this with OS-dependent #defines.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 1

Accepted Solution

by:
ksb earned 100 total points
Comment Utility
You can't.  It can change (setreuid(), setuid()) and you must be root to read kmem on older vmunix's (that do not have /proc).

You can get a guess on systems that support /proc, but it could change in the next instruction.  What are you really trying to do?

If you want a process to prove it is running as a User you _can_ do that with 100% portable code -- but it'll cost you points.

0
 
LVL 3

Author Comment

by:mliberi
Comment Utility
Ok. It doesn't seem to be an easy task.
Let's try do put the question in other terms:

the program I'm writing runs with S_ISUID bit set with superuser authority, do some work as superuser and then forks. I want the child process to run with normal user authority, so, before it 'exec', it has to restore the previous effective user id. The problem is how to get such an information!

example:
process A, uid=x euid=y,   exec my program that is owned by root    and has S_ISUID bit set, so process B has been generated. I have no control on process A code, it could be *any* program.

process B, uid=x euid=0, do some work as superuser, and before
exec'ing a new file, I want it to restore old euid by calling seteuid(y).

Unfortunately 'exec' system call doesn't save old euid before changing it, so the idea was to retrieve the euid of the parent with a function like the one I requested; but a cleaner and safer way to get that information would be greatly appreciated. In fact it is not true, generally speaking, that the parent process is still alive when the child tries to retrieve it's effective user id.

Obviously the proposed solution must be system independent and use only standard system call.

If you need any other information about the question, please append a new comment.

Thank you very much for your reply to my question.
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
in your code:
1. save euid before seteuid()
2. remember that after a fork the child process has access to all
   variables of the parent, even the saved euid
3. so you may either do a seteuid(saved euid) in your child
   before exec()ing, or you may pass the saved euid as parameter
   to the program exec'd

You just use libc, you don't need platform specific knowledge and calls.
Is this what you need?
0
 
LVL 3

Author Comment

by:mliberi
Comment Utility
I can't save old euid, because I have no control on the code
that exec my program (usually a shell).
When my program begins running the euid has ALREADY been changed
by 'exec'.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

When you do backups in the Solaris Operating System, the file system must be inactive. Otherwise, the output may be inconsistent. A file system is inactive when it's unmounted or it's write-locked by the operating system. Although the fssnap utility…
This tech tip describes how to install the Solaris Operating System from a tape backup that was created using the Solaris flash archive utility. I have used this procedure on the Solaris 8 and 9 OS, and it shoudl also work well on the Solaris 10 rel…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now