Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm writing a program that copies files from that users directory into a directory they normally don't have access too.
I need their login ID so I know where to put the files, but if they can change the shell variable I'm using to get the login name, then they can have their files copied into the wrong place (deleting someone elses files in the process).
The program is invoked by a student through a script. The script calls the program which has the suid bit set and is owned by the "grader". The program, with grader permissions, copies the students work into the grading directory.
john test: they aren't changing their ID, just the shell var that records what their LOGNAME is.
arizonagroovejet? what is "id" and how do I access it?
if it requires privileges I can't use it. any system() calls I make from the program revert to the privileges of the student that called the original shell script
You're right that the chances are small that a user will change their LOGNAME. All they can accomplish (and they will have to do a lot of work to figure this out) is that they can ruin other students homework assignments (until someone figures out what happened and the student is allowed to resubmit their assignment).
Weel if the student logs in he only has access to /home/userX and subdirectories. Can you just create a subdirectory named Work as a sub under userX and let them deposit their work procuct in the work directory and then set up a script to mv their work to a matching frader directory system as /grader/userX/work with a timestamp as part of the filename. Subsequent submissions would just be placed in userX/work and be moved and timestamped to the grader directory system.
Just some thoughts, hope you work it out
Davidstvz, use programs such as id that use standard system calls (eg. getuid(2)) and are specifically coded to return a process's uid/gid/euid/egid. Again, LOGNAME is an incorrect, insecure method for determining user identities.
You should have id installed as part of your core utilities, typically /usr/bin/id. See also man id, and see the -g and -u options as well.
For the moment I have this working. And the important call that uses the LOGNAME is a sudo command so anytime it is used, it gets logged. If any users do anything bad and someone reports it, I can check the log and find out exactly who did what pretty easily (say userC reports that their homework was maliciously overwritten; I just search the log for userC and find the instance of where some other user such as userX called the sudo script with userC's logname and I'll know where to place the blame).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.