problem retaining username
Andrew Solomon
andrews at it.uts.edu.au
Sun Sep 8 07:08:36 EDT 2002
On Sun, Sep 08, 2002 at 05:33:49PM +1000, Matthew Hannigan wrote:
> > 2) If I *were* able to execute /bin/timestamp.sh
> > as root but with $USER unchanged by sudo, I would worry that
> > the person executing
> >
> > sudo /bin/timestamp.sh
> >
> > had tampered with their $USER variable. Is there any way of ensuring
> > this had not been done?
>
> Use SUDO_USER instead. Or abort if USER != SUDO_USER.
>
Thanks Matt - this solves both problems. SUDO_USER is the effective
user who calls sudo even when you don't use !set_logname, so I didn't need that.
cheers
Andrew
More information about the sudo-users
mailing list