----- Forwarded message from Dang <linuxdang@xxxxxxxxx> -----

From: Dang <linuxdang@xxxxxxxxx>
To: "tyler@xxxxxxxx" <tyler@xxxxxxxx>
Subject: Re: How to get original user (linux 2.4.20 kernel)

On 5/6/06, tyler@xxxxxxxx <tyler@xxxxxxxx> wrote:
>> On 5/5/06, tyler@xxxxxxxx <tyler@xxxxxxxx> wrote:
>> >On Fri, May 05, 2006 at 01:45:37PM +0530, Linux Dang wrote:
>> >> Hi,
>> >> I am looking for some way to extract original user for a given
>> >> process. For example,
>> >> A user types following command
>> >>
>> >> i ) guest logs in as "aaa"
>> >> ii ) su - "bbb"
>> >> iii ) su - "ccc"
>> >> iv ) ./a.out
>> >>
>> >> I want to find the actual user i.e. "aaa". Can this be achieved on Linux 2.4.20?
>> >> I am thinking of following solution but don't know whether this will
>> >> work in all the cases or is there any better way to achieve this.
>> >>
>> >> struct task_struct {
>> >> ...
>> >> pid_t session; /* Stores login session pid */
>> >> ...
>> >>
>> >> }
>> >>
>> >> This "session" is the pid of login session process. Using this pid we
>> >> can traverse task_struct and get "uid" associated with this pid and
>> >> hence original user.
>> >>
>> >> Thanks in advance.
>> >>
>> >> Regards,
>> >> Linux Dang
>> >>
>> >
>> >Hi,
>> >
>> >don't touch the kernel :)
>> >
>> >You can already find the user logged initially. You just have to find
>> >the user which owns the actual pty (pseudo terminal)
>> >You can find this information in the /var/run/utmp file (maybe somewhere
>> >else with your distribution).
>> >
>> >This file is not a plain text. I don't know exactly how to read it but you
>> >should download the source of the who command (coreutils package). You
>> >will see that this file is used and the file is read (it's read with the
>> >help of the readutmp(...) function).
>> >
>> >Or you can just launch the 'who' command from your C program but it's
>> >not advised.
>> >
>> >--
>> >tyler
>> >tyler@xxxxxxxx
>> >On Sat, May 06, 2006 at 10:18:27AM +0530, Dang wrote:
>> Thanks a lot Tyler. We have the following requirements, whenever a
>> program starts we need to log information about the program name its
>> current user and original user. Yes, you are very right in saying that
>> information about original user can be fetched from userspace but we
>> may end up in some problem if we do so. We are using asynchronous
>> messaging mechanism between user and kernel. So by the time userspace
>> gets a chance to process this event that process may have already
>> died.
>>
>> Regards,
>> Amit Dang
>>
>
>I don't understand your problem.
>Earlier, you gave this example :
> i ) guest logs in as "aaa"
> ii ) su - "bbb"
> iii ) su - "ccc"
> iv ) ./a.out
>
> I want to find the actual user i.e. "aaa". Can this be achieved on Linux 2.4.20?
>
>The login "aaa" is the one who logged in for the actual session. You can
>find it with the file /var/run/utmp if the session is still active.
>Don't think of kernel if you want to do this.
>I'm not sure I understand the problem example you gave. Did you say :
> if the guest process login "aa" is killed while we're retrieving the
> user from the process (iv), there will be a problem.
>Well, if this case happens, all the processes attached to the session will
>be killed, so the (iv) will also be killed.
>
>If it's not your problem, please reformulate it :)
>
>And please, post your answer after the previous messages (don't top post)
>: it's very hard to follow your discussion.
>
>--
>tyler
>tyler@xxxxxxxx
>

My main problem is "fetching original user". The example that I gave
was just an attempt to explain that problem. In my other mail I made an
attempt to explain why I want to do it in kernel space and not in
User Space. Before we move further let me brief you about my
requirements:

i ) Need to log some information about the process as soon as it is created.
ii ) Need to log some information about the process as soon as it goes down.
iii) Current user name
iv ) Original user name / session user name.
Note: Can't change kernel source code.

As per the present implementation, a module in kernel is created which
takes care of raising an event, which is processed in user space and
finally logged. Kernel to userspace communication is via fifo
(asynchronous).

Let us reconsider the previous example.
i ) User "aaa" logs in.
ii ) su "bbb"
iii) su "ccc"
iv) ./a.out

Kernel module will raise an event for "a.out" (insert the required
information in the fifo). Processing of this event in userspace may get
delayed and by that time the process "a.out" might have died. In case
the process died, we can't fetch original user information about
"a.out". That is why I want it to be implemented in kernel.

I hope this time I am able to explain my issue clearly.

Regards,
Dang

----- End forwarded message -----

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/
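
Added example, not part of the forwarded message and not code from coreutils: a sketch of the userspace lookup tyler describes, matching a tty against utmp-style records to recover the login user of a session that is still active. The names login_user_for_tty and demo_lookup are hypothetical and the two records are constructed sample data.

```c
#include <stdio.h>
#include <string.h>
#include <utmpx.h>

/* Copy the login name of the live session on `tty` into out and return 0,
 * or return -1 when no USER_PROCESS record matches (session already gone). */
int login_user_for_tty(const struct utmpx *recs, size_t n, const char *tty,
                       char *out, size_t outsz)
{
    if (strncmp(tty, "/dev/", 5) == 0)
        tty += 5;                    /* utmp stores "pts/1", not "/dev/pts/1" */
    if (outsz == 0 || strlen(tty) > sizeof recs->ut_line)
        return -1;
    for (size_t i = 0; i < n; i++) {
        if (recs[i].ut_type != USER_PROCESS)
            continue;                /* skip DEAD_PROCESS, BOOT_TIME, ... */
        if (strncmp(recs[i].ut_line, tty, sizeof recs[i].ut_line) != 0)
            continue;
        /* ut_user is fixed-width and need not be NUL-terminated */
        const char *end = memchr(recs[i].ut_user, '\0', sizeof recs[i].ut_user);
        size_t len = end ? (size_t)(end - recs[i].ut_user) : sizeof recs[i].ut_user;
        if (len >= outsz)
            len = outsz - 1;         /* truncate rather than overflow out */
        memcpy(out, recs[i].ut_user, len);
        out[len] = '\0';
        return 0;
    }
    return -1;
}

/* Constructed sample data: pts/0 has logged out, pts/1 is a live login by "aaa". */
const char *demo_lookup(const char *tty)
{
    static char name[sizeof(((struct utmpx *)0)->ut_user) + 1];
    const struct utmpx recs[2] = {
        { .ut_type = DEAD_PROCESS, .ut_line = "pts/0", .ut_user = "bbb" },
        { .ut_type = USER_PROCESS, .ut_line = "pts/1", .ut_user = "aaa" },
    };
    return login_user_for_tty(recs, 2, tty, name, sizeof name) == 0 ? name : NULL;
}

int main(void)
{
    const char *u = demo_lookup("/dev/pts/1");
    puts(u ? u : "(no live session)");
    return 0;
}
```

On a real system the records would come from setutxent()/getutxent()/endutxent() instead of the constructed array. The -1 result for the logged-out tty shows why this lookup only works while the session is still active.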