thiagorb/suid-wrapper

Get $USER variable?

Closed this issue · 3 comments

The shell has the variable $USER or $SUDO_USER. How do I get those variables visible inside the wrapped script?
Thanks

Hey @biocyberman. This functionality is not available yet, but I can add it. I can see that sudo defines the following variables:

SUDO_GID=1000
SUDO_UID=1000
SUDO_USER=thiago

I'm thinking about adding the following:

SUID_WRAPPER_GID=1000
SUID_WRAPPER_UID=1000
SUID_WRAPPER_USER=thiago

What do you think?

@thiagorb Thanks for looking into this.
I made some changes yesterday and it works for me. Regarding your question, I think your suggestion also works.

diff --git a/src/runner.c b/src/runner.c
index 01f4439..b1419b8 100644
--- a/src/runner.c
+++ b/src/runner.c
@@ -1,10 +1,12 @@
 #define _XOPEN_SOURCE 500
+#define MAX_USER_LEN 10
 
 #include <unistd.h>
 #include <errno.h>
 #include <string.h>
 #include <stdio.h>
 #include <stdint.h>
+#include <stdlib.h>
 #include "wrapper.h"
 
 int main(int argc, char **argv)
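
Review bot: MAX_USER_LEN is set to 10 on the added #define line, which is shorter than many valid login names, and the buffer sized from it in the next hunk will silently truncate anything longer. Consider taking the bound from LOGIN_NAME_MAX in <limits.h> or from sysconf(_SC_LOGIN_NAME_MAX), and treating an over-long name as an error instead of truncating it.
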
@@ -46,7 +48,11 @@ int main(int argc, char **argv)
                log_error("Failed to set gid\n");
        }
 
-       char *new_env[] = { NULL };
+  char *user = getenv("USER");
+  char env_user[MAX_USER_LEN + 5]; // plus 5 for "USER="
+  snprintf(env_user, sizeof(env_user),  "USER=%s", user);
+       char *new_env[] = { env_user,
+                      "PATH=/usr/bin:/usr/sbin", NULL };
        int result = execve(new_argv[0], &new_argv[0], new_env);
     if (result != 0)
     {
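
Review bot: getenv("USER") on the first added line reads a value the invoking user controls, so in a setuid wrapper the caller can hand any name to the wrapped script; it can also return NULL, which is then passed to the %s in snprintf. Derive the name from getuid() with getpwuid() before the "Failed to set gid" block changes the ids, or at least check for NULL and exit. Also, env_user[MAX_USER_LEN + 5] leaves no room for the terminating NUL, so only 9 characters of the name fit, and the hard-coded PATH entry replaces a previously empty environment and deserves its own comment or a separate change.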

Alternatively, setting PATH=/usr/bin:/usr/sbin allows users to use logname in their scripts to query the information. This compromises the safety a bit, but maybe not much, considering /usr/bin and /usr/sbin are writable by root anyway?
With that said, I think SUDO_GID, SUDO_UID, and SUDO_USER are still minimum values to pass around.
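
An added example, not code from suid-wrapper or from either commenter: one way to build the SUID_WRAPPER_UID, SUID_WRAPPER_GID and SUID_WRAPPER_USER entries proposed above from the real uid and gid of the invoking process rather than from its environment. The struct and function names are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define ENV_ENTRY_MAX 300 /* assumed bound: prefix plus a login name */

/* Hypothetical holder for the strings a new_env[] array would point at. */
struct identity_env {
    char uid[ENV_ENTRY_MAX], gid[ENV_ENTRY_MAX], user[ENV_ENTRY_MAX];
    char *envp[4]; /* up to three entries plus the NULL terminator */
};

/* Format the entries from explicit values. name may be NULL (no passwd
 * entry). Returns the entry count, or -1 if the name would be truncated. */
int identity_env_format(struct identity_env *e, uid_t uid, gid_t gid,
                        const char *name)
{
    int n = 0;
    snprintf(e->uid, sizeof e->uid, "SUID_WRAPPER_UID=%lu", (unsigned long)uid);
    e->envp[n++] = e->uid;
    snprintf(e->gid, sizeof e->gid, "SUID_WRAPPER_GID=%lu", (unsigned long)gid);
    e->envp[n++] = e->gid;
    if (name != NULL) {
        int len = snprintf(e->user, sizeof e->user, "SUID_WRAPPER_USER=%s", name);
        if (len < 0 || (size_t)len >= sizeof e->user) {
            e->envp[0] = NULL; /* pass nothing rather than a cut-off name */
            return -1;
        }
        e->envp[n++] = e->user;
    }
    e->envp[n] = NULL;
    return n;
}

/* Use the real ids of the caller. Call this before any setuid()/setgid()
 * that may change them; nothing is read from the caller's environment. */
int identity_env_from_caller(struct identity_env *e)
{
    uid_t uid = getuid();
    struct passwd *pw = getpwuid(uid);
    return identity_env_format(e, uid, getgid(), pw ? pw->pw_name : NULL);
}

int main(void)
{
    struct identity_env e;
    if (identity_env_from_caller(&e) < 0) return 1;
    for (char **p = e.envp; *p; p++) puts(*p);
    return 0;
}
```

The resulting `envp` array can be passed as the third argument to `execve`, with any fixed entries such as a PATH appended by the wrapper itself.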