
Re: log the ip of the executor

by Gilimanjaro (Hermit)
on Apr 20, 2006 at 09:26 UTC

in reply to log the ip of the executor

How are people logging into the servers that the menu runs on?

If they're logging on using SSH, then the script should know about the SSH_CLIENT environment variable, which you could pass to your script; would then contain:

sudo /usr/local/bin/ --clientip $SSH_CLIENT

The --clientip variable is just an idea, but it would be trivial to parse your command line using Getopt::Long if you choose to do it this way.

There is no 'standard' way to determine the IP of the current user, because that would assume that you're always using a network connection to connect. And that doesn't have to be the case if you would, for instance, log in using the local console.

You may want to have a look at the man-pages for w, who and utmp (though the latter merely describes the C library for utmp). who -m may also suit your purposes.

For a more perly solution, you may want to look at the User::Utmp module. This would allow you to inspect the login records from perl. If I remember correctly, sudo provides you with the SUDO_USER environment variable which would tell you what user originally logged in, and is running the script.

Re^2: log the ip of the executor
by Fletch (Chancellor) on Apr 20, 2006 at 12:05 UTC

    Of course if the user can in any way manipulate the environment SSH_CLIENT would be of no use. Only trust it if the user can only run this one command via ssh (e.g. using OpenSSH's ability to limit what a user can run via the ~/.ssh/authorized_keys file), and then I'd still be paranoid.

      Well yeah... Naturally...

      I'm assuming that the SSH-aspect of it all is securely set up. Even the fact that ssh is being used is an assumption.

      The only way to circumvent evildoing like this would be to look up the process-tree for the ssh-process that we got forked off of, and get the uid/pid that process is running under, and check netstat for the connection details I suppose...

      But the setup itself is quite dangerous; has to be VERY tight as it's running root... Hopefully the OP is using taint mode, and untainting properly...
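
An added example, not code from the thread: one way the hypothetical --clientip option suggested above could be parsed with Getopt::Long under taint mode, with the value untainted and logged only as a caller-supplied claim, as the replies caution. The function names, log format and sample invocations are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Taint mode: run directly (or as "perl -T") so all outside input starts tainted.
use strict;
use warnings;
use Getopt::Long qw(GetOptionsFromArray);
use Socket qw(inet_pton AF_INET AF_INET6);
use POSIX qw(strftime);

# Untaint a claimed client address. SSH_CLIENT holds "ip port port", so only
# the first whitespace-separated field is considered; the rest is discarded.
sub clean_ip {
    my ($raw) = @_;
    return unless defined $raw;
    my ($candidate) = split ' ', $raw;
    return unless defined $candidate;
    # The regex capture is the untainting step: address characters only.
    my ($ip) = $candidate =~ /\A([0-9A-Fa-f:.]{2,45})\z/ or return;
    # The capture must also parse as a real IPv4 or IPv6 address.
    return $ip if defined(inet_pton(AF_INET, $ip))
               || defined(inet_pton(AF_INET6, $ip));
    return;
}

# SUDO_USER is set by sudo, but it is still validated before it reaches the log.
sub clean_user {
    my ($raw) = @_;
    return 'unknown' unless defined $raw;
    my ($user) = $raw =~ /\A([A-Za-z_][A-Za-z0-9_.-]{0,31})\z/;
    return defined $user ? $user : 'invalid';
}

# Build one log line. The address is labelled "claimed" because it comes from
# the caller's command line and environment, not from the connection itself.
sub log_line {
    my ($argv, $env) = @_;
    my $claimed;
    GetOptionsFromArray($argv, 'clientip=s' => \$claimed)
        or die "usage: $0 [--clientip ADDRESS]\n";
    my $ip     = clean_ip($claimed);
    my $origin = defined $ip      ? "claimed-ip=$ip"
               : defined $claimed ? 'claimed-ip=REJECTED'
               :                    'claimed-ip=none';   # e.g. local console
    return sprintf '%s user=%s %s',
        strftime('%Y-%m-%dT%H:%M:%SZ', gmtime), clean_user($env->{SUDO_USER}), $origin;
}

# Constructed sample invocations; a real run would pass \@ARGV and \%ENV.
for my $args (['--clientip', '203.0.113.7 51234 22'], ['--clientip', '999.1.1.1'], []) {
    print log_line([@$args], { SUDO_USER => 'alice' }), "\n";
}
```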
