Bug 116186

Summary: [RFE][PATCH] Pass original user's identity to the executed program
Product: [Fedora] Fedora Reporter: Miloslav Trmac <mitr>
Component: usermodeAssignee: Jindrich Novy <jnovy>
Status: CLOSED RAWHIDE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 1CC: pknirsch
Target Milestone: ---Keywords: FutureFeature, Patch
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: 1.77-1 Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-01-20 08:37:24 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Description Flags
setenv("USERHELPER_UID", ...) none

Description Miloslav Trmac 2004-02-18 15:12:48 EST
Description of problem:
The attached patch exports the UID of the user originally executing
a tool through consolehelper in $USERHELPER_UID. This can be useful
e.g. for programs that allow users to add network shares without
knowing the administrator password, but want to restrict this only
to directories owned by the user.

Version-Release number of selected component (if applicable):
Comment 1 Miloslav Trmac 2004-02-18 15:13:15 EST
Created attachment 97809 [details]
setenv("USERHELPER_UID", ...)
Comment 2 Jindrich Novy 2005-01-17 06:56:35 EST
Maybe some further work on the topic would be needed because we set
USERNAME to "root" for instance, what isn't very much consistent with
setting the environment variable containing UID. What about GID?
Comment 3 Miloslav Trma─Ź 2005-01-17 07:07:21 EST
I think USERNAME=root is perfectly consistent with USERHELPER_UID;
the utility is running as root, after all, and (if only for security)
should be as detached from the invoking user's environment as possible.

USERHELPER_UID would be there purely for the benefit of applications
that were _designed_ to be run under userhelper.

I'm not sure when GID would be really needed:
The primary group ID can be obtained from the UID via /etc/passwd
(or whatever NSS mechanism is in use), supplementary groups can
also be enumerated when the UID is known (and I think they are
not affected by running under userhelper at all).

The only case I can think of is if the user has changed the primary
group ID using newgrp; but newgrp should Just Not Be Needed with the
private group scheme.

Anyway, adding a single line with USERHELPER_GID is not hard :)