Bug 116186 - [RFE][PATCH] Pass original user's identity to the executed program
Summary: [RFE][PATCH] Pass original user's identity to the executed program
Alias: None
Product: Fedora
Classification: Fedora
Component: usermode   
(Show other bugs)
Version: 1
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Jindrich Novy
QA Contact: David Lawrence
Keywords: FutureFeature, Patch
Depends On:
TreeView+ depends on / blocked
Reported: 2004-02-18 20:12 UTC by Miloslav Trmac
Modified: 2013-07-02 22:58 UTC (History)
1 user (show)

Fixed In Version: 1.77-1
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-01-20 13:37:24 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
setenv("USERHELPER_UID", ...) (523 bytes, patch)
2004-02-18 20:13 UTC, Miloslav Trmac
no flags Details | Diff

Description Miloslav Trmac 2004-02-18 20:12:48 UTC
Description of problem:
The attached patch exports the UID of the user originally executing
a tool through consolehelper in $USERHELPER_UID. This can be useful
e.g. for programs that allow users to add network shares without
knowing the administrator password, but want to restrict this only
to directories owned by the user.

Version-Release number of selected component (if applicable):

Comment 1 Miloslav Trmac 2004-02-18 20:13:15 UTC
Created attachment 97809 [details]
setenv("USERHELPER_UID", ...)

Comment 2 Jindrich Novy 2005-01-17 11:56:35 UTC
Maybe some further work on the topic would be needed because we set
USERNAME to "root" for instance, what isn't very much consistent with
setting the environment variable containing UID. What about GID?

Comment 3 Miloslav Trmač 2005-01-17 12:07:21 UTC
I think USERNAME=root is perfectly consistent with USERHELPER_UID;
the utility is running as root, after all, and (if only for security)
should be as detached from the invoking user's environment as possible.

USERHELPER_UID would be there purely for the benefit of applications
that were _designed_ to be run under userhelper.

I'm not sure when GID would be really needed:
The primary group ID can be obtained from the UID via /etc/passwd
(or whatever NSS mechanism is in use), supplementary groups can
also be enumerated when the UID is known (and I think they are
not affected by running under userhelper at all).

The only case I can think of is if the user has changed the primary
group ID using newgrp; but newgrp should Just Not Be Needed with the
private group scheme.

Anyway, adding a single line with USERHELPER_GID is not hard :)

Note You need to log in before you can comment on or make changes to this bug.