I've recently tried to write a program that monitors activity on the filesystem. I'd like it to record the action, PID, executable name and EUID. I've used fanotify for this purpose and it can retrieve everything except the EUID. So far I've been able to fetch the user using the following code:

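    #include <proc/readproc.h>
    #include <pwd.h>
    #include <string.h>
    #include <sys/types.h>

    struct passwd* get_user_from_pid(pid_t pid)
    {
        /* PROC_PID expects a 0-terminated list of PIDs, not a single pid_t */
        pid_t pids[2] = { pid, 0 };
        proc_t proc_info;
        PROCTAB* proc = openproc(PROC_FILLMEM | PROC_FILLSTAT | PROC_FILLSTATUS | PROC_FILLUSR | PROC_PID, pids);
        if (proc == NULL)
            return NULL;
        memset(&proc_info, 0, sizeof(proc_info));
        if (readproc(proc, &proc_info) == NULL) {
            closeproc(proc);  /* do not leak the PROCTAB when the process is gone */
            return NULL;
        }
        /* euser is filled in by PROC_FILLUSR; getpwnam returns a static buffer */
        struct passwd* user_info = getpwnam(proc_info.euser);
        closeproc(proc);
        return user_info;
    }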

The problem is that, as far as I know, underneath it just reads files from /proc/<pid>, which is of course slow when dealing with a huge amount of I/O traffic, almost always keeping the CPU at 100% utilization.

Is there a cheaper way to achieve the same?

  • This question has an [answer here](https://unix.stackexchange.com/questions/408613/how-to-get-the-ruid-euid-suid-and-rgid-egid-sgid-of-a-process). – ryyker Jul 20 '22 at 12:04
  • I suspect the inefficiency isn't so much in openproc as in getpwnam. Haven't checked, but you might try memoizing your results, no one sane reuses a uid. – jthill Jul 20 '22 at 14:14

1 Answer

Have you tried to just read /proc/<pid>/status with scanf?

ryyker
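
The approach suggested in the answer, as an added example that is not part of the original post: parse the `Uid:` line of /proc/<pid>/status directly and return the numeric effective UID. The function name `get_euid_from_pid` is an assumption made for this sketch.

```c
/* Added example: read the effective UID of a process from /proc/<pid>/status. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Returns 0 and stores the effective UID in *euid, or -1 if the process
 * is gone or the file cannot be parsed. The "Uid:" line holds four values:
 * real, effective, saved set and filesystem UID (see proc(5)).
 *
 * The PID reported by an fanotify event can belong to a process that has
 * already exited by the time /proc is read, so a failure here is a normal
 * outcome that the caller has to record, not a fatal error.
 */
int get_euid_from_pid(pid_t pid, uid_t *euid)
{
    char path[64], line[256];
    unsigned int ruid, e;
    int rc = -1;

    snprintf(path, sizeof(path), "/proc/%ld/status", (long)pid);
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return -1;  /* process already exited, or access denied */

    while (fgets(line, sizeof(line), f) != NULL) {
        /* Only the "Uid:" line matches the literal prefix in the format. */
        if (sscanf(line, "Uid: %u %u", &ruid, &e) == 2) {
            *euid = (uid_t)e;
            rc = 0;
            break;
        }
    }
    fclose(f);
    return rc;
}

int main(void)
{
    uid_t euid;
    if (get_euid_from_pid(getpid(), &euid) == 0)
        printf("pid %ld euid %u\n", (long)getpid(), (unsigned)euid);
    return 0;
}
```

Because this returns the numeric UID, a user name is only needed for display and can be resolved with getpwuid and cached per UID, as the comment about memoizing suggests.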