2

If I run a java class file as sudo user, the effective userid changes to the sudo user. I can get the effective userid with System.getProperty("user.name"). However, is there any way I can get the real userID from within the java program? The variable $SUDO_USER is not a reliable one in shell.

scott
  • 1,557
  • 3
  • 15
  • 31
  • 1
    No you can't; this would require accessing OS-level primitives which Java does not have access to and even then, if it did, it would ask the question of compatibility of the API on other OSes on which Java can run (Windows has no such notion for instance). – fge Nov 23 '15 at 17:11
  • 1
    @fge: There are Java APIs for a variety of OS-level primitives; I can't say, off-hand, that there **definitely isn't** one that provides this, can you? Separately: Windows has impersonation, which would present a similar scenario to the above, and so could potentially be included in any such abstracted API. – T.J. Crowder Nov 23 '15 at 17:23
  • 1
    @T.J.Crowder I didn't ever say that it was not possible theoretically; just that right now there isn't. My comment still stands. Windows' impersonation is not the same as getuid() vs geteuid(). – fge Nov 23 '15 at 17:24
  • 1
    If there is a linux command, then you can use Runtime.getRuntime().exec() and then parse the output by obtaining the inputstream from the command. – Sourabh Bhat Nov 23 '15 at 17:27
  • 1
    @SourabhBhat: Quite true and good point, *if* you can reasonably assume the command hasn't been subverted in some way. – T.J. Crowder Nov 23 '15 at 17:28
  • 1
    @fge: Right, I didn't say you said it was *impossible*. Just asking the question: You're that certain? You know all the APIs that well? It couldn't just happen to be something you haven't run across? Could well be true that you can be that certain, from the Java answers I've seen you post over the years. It's just I've tripped myself up enough times saying "No, there is no X" only to have X pushed in front of my face, to flag it up. :-) – T.J. Crowder Nov 23 '15 at 17:39
  • 1
    try to combine "parse method" with: http://stackoverflow.com/questions/4598001/how-do-you-find-the-original-user-through-multiple-sudo-and-su-commands – guillaume girod-vitouchkina Nov 23 '15 at 17:40
  • Thank you everyone. I will try to use a c library or c program and use Runtime.getruntime().exec() to parse it then. – scott Nov 24 '15 at 03:34

1 Answers1

0

Yes, just use the getuid(2) system call, instead of the geteuid(2) system call. The effective uid is changed on exec(2) system call, when you execute a file with executable permissions (an executable, not a shell scritp) and the setuid bit (see chmod(2) for a description of that bit)

Once you are executing a file with the setuid bit on, you will have as real used id your login user id, the effective user id will be the one of the user to which the file belongs and you (as a normal user, not root) can only change between the real and effective user ids with the seteuid(2) system call. No more changes are allowed for a normal user. Superuser can change both with the setuid(2) system call.

Luis Colorado
  • 10,974
  • 1
  • 16
  • 31