Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Identify if ran by su or sudo?
Top Forums Shell Programming and Scripting Identify if ran by su or sudo? Post 302425574 by ericdp63 on Friday 28th of May 2010 01:27:07 PM
Old 05-28-2010
Java Identify if ran by su or sudo?
Recently I was on an operational call and heard the people running my code placing the code in the /tmp directory and running as root. I had not planned on that. So I want to add some checks to my code (using ksh93):

Code:
# ---------- ---------- ----------
# root not allowed to run this
# ---------- ---------- ----------
[[ $( whoami ) = root ]] && exit 2

# ---------- ---------- ----------
# Don't run this in /tmp
# ---------- ---------- ----------
[[ $( pwd ) = /tmp* ]] && exit 3

# ---------- ---------- ----------
# Don't run as sudo
# ---------- ---------- ----------


# ---------- ---------- ----------
# How much space is available here?
#
# Filesystem    Type   1K-blocks      Used Available Use% Mounted on
# /dev/sda3     ext3    68588072  32259392  32788356  50% /home
# ---------- ---------- ----------
integer _avail=$( df -k . | grep -v "^Filesystem" | awk '{ print $4 }' )
integer _threshold=26214400  # 25GB
(( _avail < _threshold )) && {

    print -u2 "***> There is not enough space (25gb) on this mount point!"
    print -u2 "     Only found ${_avail} kb."
    exit 4

}

What I can't find is a means to check the case where my code was run with sudo or "su -". The above 'whomai' returns the users name, not the fact it was run with root access through sudo. There are many reasons to use sudo, but in this case I want my app to run as a normal user with normal permissions, no extra help.


Is this possible? any ideas? I've done some google searching and all the references I can find are on how to use sudo, not how to identify it is being used.


Thanks for any help.
Eric
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

which user ran which command

can we come to know all the command ran bya user for last 1 day (1 Reply)
Discussion started by: narang.mohit
1 Replies

2. HP-UX

Aaarrggghhh HP warranty ran out

We have HP 9000 running UX. Does anybody know a reputable or even a strong maintenance firm that DOESN'T have a help desk the other side of the planet? We've been approached by Newcorp but thay seem rubbish. Please give me some recommendations. Sorry if this is posted in the wrong room but I... (3 Replies)
Discussion started by: Handsy
3 Replies

3. UNIX for Dummies Questions & Answers

Find hangs when ran under superuser.

When I ran the following find command under a "regular" user is completes but it limited because of perms. find / -name "*.*" | xargs grep something > ok But when I try to run it under su, it hangs and never completes. Any suggestion? (4 Replies)
Discussion started by: shorty
4 Replies

4. AIX

IBM AIX ran into error u0.1-p1-v2

Hi Guys, Is there any one can help me with the below error message dispalys on the LED panel. 10112633 u0.1-p1-v2 I bought a second hand IBM 7029 6C3 online several days ago. On the fist day, it can be ran well. but on second day, when i tried to boot up the machine, after few mins, the... (2 Replies)
Discussion started by: andylai
2 Replies

5. Shell Programming and Scripting

how to find whether a script ran or not

Hi, I have written a script and placed in an application and the script can be executed manually only. But somehow one of the method in the script is being called and bringing the application down. But we are not able to find any instance of script running. Is there a way to findout whether the... (1 Reply)
Discussion started by: Satyak
1 Replies

6. UNIX for Advanced & Expert Users

How to identify the scripts ran at a particular day of last month?

How to identify the scripts ran at a particular day of last month? I have to identify a script that ran on 06/01/2011 @ 4 am (3 Replies)
Discussion started by: rdhanek
3 Replies

7. Shell Programming and Scripting

ssh foo.com sudo command - Prompts for sudo password as visible text. Help?

I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this: #!/bin/bash rsync /path/on/local/machine/ foo.com:path/on/remote/machine/ ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Discussion started by: fluoborate
9 Replies

8. UNIX for Dummies Questions & Answers

Test if script was ran w/ nohup

I want to test if script.sh is being run with nohup ... but $0 does not contain nohup part... purpose: script.sh should only be ran with nohup if user forgets nohup then it should echo "run with nohup" && exit....... (2 Replies)
Discussion started by: holyearth
2 Replies

9. Shell Programming and Scripting

Checking if command ran in parallel

Hi, I am running below code For I in $var do .......some line of code....... nohup Sqlplus apps/apps <<EOF & My_proc($I) Exit EOF done Nohup and & is used for parallel processing. Can someone help in determining if the procedure with different arguments Was called paralley or... (3 Replies)
Discussion started by: Pratiksha Mehra
3 Replies

10. UNIX for Dummies Questions & Answers

How many times did the scipt ran?

Hi, Can we able to identify how many times any script was ran per day/week/month/year wise (2 Replies)
Discussion started by: penqueen
2 Replies

LEARN ABOUT CENTOS

visudo

VISUDO(8)						    BSD System Manager's Manual 						 VISUDO(8)

NAME

     visudo -- edit the sudoers file

SYNOPSIS

     visudo [-chqsV] [-f sudoers]

DESCRIPTION

     visudo edits the sudoers file in a safe fashion, analogous to vipw(8).  visudo locks the sudoers file against multiple simultaneous edits,
     provides basic sanity checks, and checks for parse errors.  If the sudoers file is currently being edited you will receive a message to try
     again later.

     There is a hard-coded list of one or more editors that visudo will use set at compile-time that may be overridden via the editor sudoers
     Default variable.	This list defaults to /usr/local/bin/vi.  Normally, visudo does not honor the VISUAL or EDITOR environment variables
     unless they contain an editor in the aforementioned editors list.	However, if visudo is configured with the --with-env-editor option or the
     env_editor Default variable is set in sudoers, visudo will use any the editor defines by VISUAL or EDITOR.  Note that this can be a security
     hole since it allows the user to execute any program they wish simply by setting VISUAL or EDITOR.

     visudo parses the sudoers file after the edit and will not save the changes if there is a syntax error.  Upon finding an error, visudo will
     print a message stating the line number(s) where the error occurred and the user will receive the ``What now?'' prompt.  At this point the
     user may enter 'e' to re-edit the sudoers file, 'x' to exit without saving the changes, or 'Q' to quit and save changes.  The 'Q' option
     should be used with extreme care because if visudo believes there to be a parse error, so will sudo and no one will be able to sudo again
     until the error is fixed.	If 'e' is typed to edit the sudoers file after a parse error has been detected, the cursor will be placed on the
     line where the error occurred (if the editor supports this feature).

     The options are as follows:

     -c 	 Enable check-only mode.  The existing sudoers file will be checked for syntax errors, owner and mode.	A message will be printed
		 to the standard output describing the status of sudoers unless the -q option was specified.  If the check completes successfully,
		 visudo will exit with a value of 0.  If an error is encountered, visudo will exit with a value of 1.

     -f sudoers  Specify and alternate sudoers file location.  With this option visudo will edit (or check) the sudoers file of your choice,
		 instead of the default, /etc/sudoers.	The lock file used is the specified sudoers file with ``.tmp'' appended to it.	In
		 check-only mode only, the argument to -f may be '-', indicating that sudoers will be read from the standard input.

     -h 	 The -h (help) option causes visudo to print a short help message to the standard output and exit.

     -q 	 Enable quiet mode.  In this mode details about syntax errors are not printed.	This option is only useful when combined with the
		 -c option.

     -s 	 Enable strict checking of the sudoers file.  If an alias is used before it is defined, visudo will consider this a parse error.
		 Note that it is not possible to differentiate between an alias and a host name or user name that consists solely of uppercase
		 letters, digits, and the underscore ('_') character.

     -V 	 The -V (version) option causes visudo to print its version number and exit.

ENVIRONMENT

     The following environment variables may be consulted depending on the value of the editor and env_editor sudoers settings:

     VISUAL	      Invoked by visudo as the editor to use

     EDITOR	      Used by visudo if VISUAL is not set

FILES

     /etc/sudoers	       List of who can run what

     /etc/sudoers.tmp	       Lock file for visudo

DIAGNOSTICS

     sudoers file busy, try again later.
	   Someone else is currently editing the sudoers file.

     /etc/sudoers.tmp: Permission denied
	   You didn't run visudo as root.

     Can't find you in the passwd database
	   Your user ID does not appear in the system passwd file.

     Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
	   Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias or you have a user or host name listed that consists solely of
	   uppercase letters, digits, and the underscore ('_') character.  In the latter case, you can ignore the warnings (sudo will not
	   complain).  In -s (strict) mode these are errors, not warnings.

     Warning: unused {User,Runas,Host,Cmnd}_Alias
	   The specified {User,Runas,Host,Cmnd}_Alias was defined but never used.  You may wish to comment out or remove the unused alias.  In -s
	   (strict) mode this is an error, not a warning.

     Warning: cycle in {User,Runas,Host,Cmnd}_Alias
	   The specified {User,Runas,Host,Cmnd}_Alias includes a reference to itself, either directly or through an alias it includes.	This is
	   only a warning by default as sudo will ignore cycles when parsing the sudoers file.

SEE ALSO

     vi(1), sudoers(5), sudo(8), vipw(8)

AUTHORS

     Many people have worked on sudo over the years; this version consists of code written primarily by:

	   Todd C. Miller

     See the CONTRIBUTORS file in the sudo distribution (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of people who have con-
     tributed to sudo.

CAVEATS

     There is no easy way to prevent a user from gaining a root shell if the editor used by visudo allows shell escapes.

BUGS

     If you feel you have found a bug in visudo, please submit a bug report at http://www.sudo.ws/sudo/bugs/

SUPPORT

     Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
     the archives.

DISCLAIMER

     visudo is provided ``AS IS'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability
     and fitness for a particular purpose are disclaimed.  See the LICENSE file distributed with sudo or http://www.sudo.ws/sudo/license.html for
     complete details.

Sudo 1.8.6p7							   July 12, 2012						      Sudo 1.8.6p7
All times are GMT -4. The time now is 02:30 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy