{"id":1873,"date":"2015-01-30T01:30:02","date_gmt":"2015-01-29T17:30:02","guid":{"rendered":"http:\/\/ixyzero.com\/blog\/?p=1873"},"modified":"2015-01-30T01:30:02","modified_gmt":"2015-01-29T17:30:02","slug":"%e5%a6%82%e4%bd%95%e6%9f%a5%e6%89%be%e5%a4%9a%e6%ac%a1sudosu%e4%b9%8b%e5%90%8e%e7%9a%84%e9%82%a3%e4%b8%aa%e5%8e%9f%e5%a7%8b%e7%94%a8%e6%88%b7%ef%bc%9f","status":"publish","type":"post","link":"https:\/\/ixyzero.com\/blog\/archives\/1873.html","title":{"rendered":"\u5982\u4f55\u67e5\u627e\u591a\u6b21sudo\/su\u4e4b\u540e\u7684\u90a3\u4e2a\u539f\u59cb\u7528\u6237\uff1f"},"content":{"rendered":"<p>\u56e0\u4e3a\u529f\u80fd\u9700\u8981\uff0c\u6240\u4ee5\u8981\u89e3\u51b3\u8fd9\u4e48\u6837\u7684\u4e00\u4e2a\u95ee\u9898\uff0c\u521a\u5f00\u59cb\u65f6\u4ee5\u4e3a\u6709PID\/PPID\/SID\u518d\u52a0\u4e0a\u4e00\u4e2a\u65f6\u95f4\u6233\u2026\u2026\u8fd9\u4e9b\u5185\u5bb9\u5e94\u8be5\u5dee\u4e0d\u591a\u5c31\u53ef\u4ee5\u786e\u5b9a\u539f\u59cb\u7528\u6237\u4e86\uff0c\u4f46\u540e\u6765\u624d\u77e5\u9053\u6211\u9519\u4e86o(\u256f\u25a1\u2570)o \u5bf9Bash\u7684\u4e00\u4e9b\u6982\u5ff5\u7406\u89e3\u5f97\u8fd8\u662f\u4e0d\u591f\u6e05\u695a\u554a\uff0c\u4e0d\u8fc7\u7ecf\u8fc7\u7f51\u4e0a\u7684\u4e00\u756a\u641c\u7d22\uff0c\u8fd8\u662f\u627e\u51fa\u4e86\u4e0d\u5c11\u5185\u5bb9\u7684\uff0c\u9700\u8981\u6162\u6162\u6d88\u5316\u4e00\u4e0b\uff1a<\/p>\n<h6>\u786e\u5b9a\u641c\u7d22\u5173\u952e\u5b57\uff1a<\/h6>\n<p><a href=\"http:\/\/search.aol.com\/aol\/search?q=Linux+find+su+from\" target=\"_blank\">http:\/\/search.aol.com\/aol\/search?q=Linux+find+su+from<\/a><\/p>\n<h6>\u53c2\u8003\u94fe\u63a5\uff1a<\/h6>\n<p><a href=\"http:\/\/stackoverflow.com\/questions\/4598001\/how-do-you-find-the-original-user-through-multiple-sudo-and-su-commands\" target=\"_blank\">http:\/\/stackoverflow.com\/questions\/4598001\/how-do-you-find-the-original-user-through-multiple-sudo-and-su-commands<\/a><\/p>\n<h6>\u89e3\u51b3\u65b9\u6cd5\uff1a<\/h6>\n<blockquote><p>Use who am i | awk &#8216;{print $1}&#8217; OR logname as no other methods are guaranteed.<\/p><\/blockquote>\n<p>\u4f7f\u7528\u547d\u4ee4\uff1a<\/p>\n<pre class=\"nums:false lang:default decode:true\">who am i<\/pre>\n<p>\u6216<\/p>\n<pre class=\"lang:default decode:true\">logname<\/pre>\n<p>\u53ef\u4ee5\u5f97\u5230\u6b63\u786e\u7684\u539f\u59cb\u7528\u6237\u540d\u3002<\/p>\n<hr \/>\n<p><span style=\"color: #ff0000;\">\u4f46\u662f\u5982\u4f55\u901a\u8fc7C\u8bed\u8a00\u7f16\u7a0b\u5f97\u5230\u539f\u59cb\/\u6b63\u786e\u7684\u7528\u6237\u540d\u5462\uff1f<\/span>\uff08\u5373\uff0c\u901a\u8fc7\u7a0b\u5e8f\u5b9e\u73b0\u7c7b\u4f3c\u4e8e\u201cwho am i\u201d\u548c\u201clogname\u201d\u547d\u4ee4\u7684\u529f\u80fd\uff09<\/p>\n<h6>\u601d\u8def\/\u65b9\u6cd5\uff1a<\/h6>\n<p>\u67e5\u770bwho\u547d\u4ee4\u6216logname\u547d\u4ee4\u7684\u6e90\u7801\u3002<\/p>\n<p>\u67e5\u770blogname\u547d\u4ee4\u7684manual\u53ef\u4ee5\u5f97\u77e5\u5c5e\u4e8ecoreutils\u5e93\uff0c\u56e0\u6b64\uff0c\u4e0b\u8f7d<a href=\"http:\/\/ftp.gnu.org\/gnu\/coreutils\/\" target=\"_blank\">\u6e90\u4ee3\u7801<\/a>\uff0c\u4e00\u70b9\u4e00\u70b9\u6765\uff1a<\/p>\n<p><a href=\"http:\/\/ixyzero.com\/blog\/wp-content\/uploads\/2015\/01\/logname_manual.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-1874\" src=\"http:\/\/ixyzero.com\/blog\/wp-content\/uploads\/2015\/01\/logname_manual-279x300.png\" alt=\"logname_manual\" width=\"279\" height=\"300\" \/><\/a><\/p>\n<p>\u89e3\u538b\u4e4b\u540e\u627e\u5230logname\u7684\u6e90\u7801\u4f4d\u7f6e\u53ca\u5176\u4ee3\u7801\u6838\u5fc3\u5185\u5bb9\uff1a<\/p>\n<pre class=\"lang:default decode:true\"># pwd\n\/root\/downLoads\/coreutils-8.23\n# find -iname \"*logname*\"\n.\/src\/logname.c\n.\/man\/logname.x<\/pre>\n<pre class=\"lang:default decode:true \">int main (int argc, char **argv) {\n\tchar *cp;\n\n\t\/* POSIX requires using getlogin (or equivalent code).  *\/\n\tcp = getlogin ();\n\tif (cp) {\n\t\tputs (cp);\n\t\texit (EXIT_SUCCESS);\n\t}\n\t\/* POSIX prohibits using a fallback technique.  *\/\n\terror (0, 0, _(\"no login name\"));\n\texit (EXIT_FAILURE);\n}<\/pre>\n<p>\u6700\u6700\u91cd\u8981\u7684\u5c31\u662f\u91cc\u9762\u7684getlogin()\u51fd\u6570\u3002<\/p>\n<h6>\u56e0\u6b64\uff0c\u67e5\u627e\u5173\u952e\u5b57\uff1a<\/h6>\n<p><a href=\"http:\/\/search.aol.com\/aol\/search?q=linux+getlogin\">http:\/\/search.aol.com\/aol\/search?q=linux+getlogin<\/a><\/p>\n<h6>\u53c2\u8003\u94fe\u63a5\uff1a<\/h6>\n<ul>\n<li><a href=\"http:\/\/unix.stackexchange.com\/questions\/78217\/understanding-getlogin\" target=\"_blank\">http:\/\/unix.stackexchange.com\/questions\/78217\/understanding-getlogin <\/a>\u00a0#\u5168\u9762\u7684getlogin()\u51fd\u6570\u7684\u4ecb\u7ecd<\/li>\n<li><a href=\"http:\/\/stackoverflow.com\/questions\/4785126\/getlogin-c-function-returns-null-and-error-no-such-file-or-directory\" target=\"_blank\">http:\/\/stackoverflow.com\/questions\/4785126\/getlogin-c-function-returns-null-and-error-no-such-file-or-directory<\/a><\/li>\n<li><a href=\"http:\/\/stackoverflow.com\/questions\/6771610\/what-does-possible-lost-means-in-valgrind\" target=\"_blank\">http:\/\/stackoverflow.com\/questions\/6771610\/what-does-possible-lost-means-in-valgrind<\/a><\/li>\n<\/ul>\n<hr \/>\n<p>\u5728\u7f16\u8bd1\u8fc7\u7a0b\u4e2d\u78b0\u5230\u7684\u4e00\u4e9b\u95ee\u9898\u53ca\u76f8\u5e94\u89e3\u51b3\u529e\u6cd5\uff1a<\/p>\n<h6>\u5728\u4f7f\u7528gcc\/g++\u7f16\u8bd1\u7684\u65f6\u5019\u62a5\u9519\u201cfatal error: config.h: No such file or directory\u201d<\/h6>\n<h6>\u53c2\u8003\u94fe\u63a5\uff1a<\/h6>\n<ul>\n<li><a href=\"http:\/\/stackoverflow.com\/questions\/18114157\/compiling-c-code-with-external-library-references\" target=\"_blank\">http:\/\/stackoverflow.com\/questions\/18114157\/compiling-c-code-with-external-library-references<\/a><\/li>\n<li><a href=\"http:\/\/superuser.com\/questions\/192573\/how-do-you-specify-the-location-of-libraries-to-a-binary-linux\" target=\"_blank\">http:\/\/superuser.com\/questions\/192573\/how-do-you-specify-the-location-of-libraries-to-a-binary-linux<\/a><\/li>\n<\/ul>\n<h6>\u89e3\u51b3\u65b9\u6cd5\uff1a<\/h6>\n<p><span style=\"color: #ff0000;\">\u4f7f\u7528gcc\u7684<strong>-I\u9009\u9879<\/strong>\u6307\u5b9a\u81ea\u5df1\u7684\u5e93\u6587\u4ef6\u641c\u7d22\u8def\u5f84\uff1b\u8fd8\u6709\u4e2a\u7c7b\u4f3c\u7684<strong>-L\u9009\u9879<\/strong>\u3002<\/span><\/p>\n<h6>\u66f4\u591a\u53c2\u8003\uff1a<\/h6>\n<ul>\n<li><a href=\"http:\/\/unix.stackexchange.com\/questions\/98531\/difference-between-sudo-i-and-sudo-su\" target=\"_blank\">http:\/\/unix.stackexchange.com\/questions\/98531\/difference-between-sudo-i-and-sudo-su<\/a><\/li>\n<li><a href=\"http:\/\/askubuntu.com\/questions\/70534\/difference-between-su-sudo-s-sudo-i\" target=\"_blank\">http:\/\/askubuntu.com\/questions\/70534\/difference-between-su-sudo-s-sudo-i<\/a><\/li>\n<\/ul>\n<h5>logname\u547d\u4ee4\u548cgetlogin()\u51fd\u6570\u5b58\u5728\u7684\u4e00\u4e9b\u95ee\u9898\u4e0e\u5c40\u9650\u6027<\/h5>\n<blockquote><p><strong><span style=\"color: #ff0000;\">getlogin() and logname (which just calls getlogin()) obtain the logged-in username by looking up the current tty in utmp<\/span><\/strong> and reporting the login name found in that utmp record. The reason they do that is that they are designed to work on systems where multiple usernames might map to the same uid (a practice generally frowned upon but sometimes used to create multiple root accounts or different login names that start custom shells but all map to the same underlying uid). When used with such accounts, getpwuid(getuid()) will only report the first match from the passwd database, whereas getlogin() will find the one that was actually used to log in.<\/p>\n<p><span style=\"color: #ff0000;\">However, because this function <strong>relies on the contents of a writable file<\/strong>, it is not worthy of the same level of trust as getpwuid(getuid()).<\/span> It&#8217;s true that only privileged processes should be able to write utmp, but there are a few &#8220;extra&#8221; programs that are often configured to be able to write it (generally by being setgid-utmp) like GNU screen and you might not want to trust those. I know that historically on some SysV systems I used to manage, utmp was prone to get corrupted occasionally.<\/p><\/blockquote>\n<h6>\u7b80\u800c\u8a00\u4e4b\u5c31\u662f\uff1a<\/h6>\n<p>getlogin()\u51fd\u6570 \u548c logname\u547d\u4ee4 \u4f9d\u636e\u7684\u662f \/var\/run\/utmp \u8fd9\u4e2a\u6587\u4ef6\u7684\u5185\u5bb9\uff0c\u800c\u8fd9\u4e2a\u6587\u4ef6\u5bf9\u4e8e\u4e00\u4e9b\u7279\u6743\u7528\u6237\u6765\u8bf4\u662f\u53ef\u5199\u7684\uff0c\u6240\u4ee5\u5e76\u4e0d\u503c\u5f97\u88ab\u4fe1\u4efb\u3002\u800c\u4e14getlogin()\u8fd9\u4e2a\u51fd\u6570\u8fd8\u6709\u4e2a\u672c\u5730\u63d0\u6743\u7684\u6f0f\u6d1e\uff1a<a href=\"http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2003-0388\" target=\"_blank\">CVE-2003-0388<\/a>\uff0c\u8fde<a href=\"http:\/\/www.exploit-db.com\/exploits\/22781\/\" target=\"_blank\">exp<\/a>\u90fd\u5b58\u5728\u597d\u4e45\u4e86\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u56e0\u4e3a\u529f\u80fd\u9700\u8981\uff0c\u6240\u4ee5\u8981\u89e3\u51b3\u8fd9\u4e48\u6837\u7684\u4e00\u4e2a\u95ee\u9898\uff0c\u521a\u5f00\u59cb\u65f6\u4ee5\u4e3a\u6709PID\/PPID\/SID\u518d\u52a0\u4e0a\u4e00\u4e2a\u65f6\u95f4\u6233\u2026\u2026\u8fd9\u4e9b\u5185\u5bb9\u5e94 [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23,11,25,12],"tags":[450,451,452,264,126],"class_list":["post-1873","post","type-post","status-publish","format-standard","hentry","category-knowledgebase-2","category-linux","category-security","category-tools","tag-gcc","tag-getlogin","tag-logname","tag-su","tag-sudo"],"views":5001,"_links":{"self":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/1873","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/comments?post=1873"}],"version-history":[{"count":0,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/1873\/revisions"}],"wp:attachment":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/media?parent=1873"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/categories?post=1873"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/tags?post=1873"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}