Uniquely identifying a user: is it possible?

Thad P Floryan thad at cup.portal.com
Fri Jan 12 21:18:06 AEST 1990


comeau at utoday.UUCP (Greg Comeau) in <1143 at utoday.UUCP> writes:

	It appears you wanted to do more than what is stored in u/w/tmp anyway,
	so your best bet may be to forget that file and create whatever you need
	to create via /etc/profile (which will only therefore catch interactive
	logins and not stuff like uucp which can be handled in another way)
	as well as front-ending or re-writing su for the audits you need.

regarding my question whether it's possible to uniquely identify a user under
all conceivable circumstances.  "Uniquely identify" pertaining to username and
to "controlling terminal" such that one could, if so desired, locate the
specific /etc/utmp entry.

Results so far:

	username:  YES  (via cuserid(3S))
	terminal:  NO   (if all streams are redirected)

This "quest for truth" is solely for my own edification after I discovered
my own lastlogin program "failed" when I was running su'd root:

	I cannot ASSUME the $HOME will always be inviolate.
	I cannot ASSUME the user will never "su".
	I cannot ASSUME the user won't redirect stdin, stdout and stderr.

Due to other posted events since Jan.2, I have now removed the word "ASSUME"
from my vocabulary!  :-)

Examples abound re: nlist()'ing /unix, so that's not the problem.  The question
was whether there's a non-privileged way of accurately identifying the user.
It appears there is NO such way per (email) responses received to date.

My purpose was not to audit, but to write a PD "who" that would highlight the
present user (either with "*" or reverse video or whatever's applicable) per:

	$ who
	guest     tty000      Jan 11 22:43
	thad      w1          Jan 10 01:59
	thad    * p0          Jan 12 00:32
	thad      ph1         Jan 11 23:57

And, don't laugh; I've had over 16 people (myself multiple times, too) logged
into one of my UNIXPCs at ONE TIME.  This was during a party last month when I
became weary of a boor bragging about his system supporting multiple users at
one time (and, no, it was not any AT&T system although its name did begin with
the letter "A") that (thanks to StarLAN) I just started firing up the online
jobs and had them run GNU EMACS, gcc, several graphics demos, etc.  Needless
to say, the boor quickly became quiet!  It became very apparent very quickly
the UNIXPC outperformed a Mac II A/UX Version 1 (esp. with respect to disk
I/O); he brought his machine over from next door and there was simply NO doubt
in anyone's mind which machine was quicker.

Thad Floryan [ thad at cup.portal.com (OR) ..!sun!portal!cup.portal.com!thad ]
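
The unprivileged lookup discussed in the post above, as an added example that is not part of the original message: it probes stdin, stdout and stderr with ttyname(3) and returns nothing when none is a terminal, which is the "terminal: NO" case. The function names are hypothetical, and getlogin(3) with getpwuid(getuid()) stands in for cuserid(3S).

```c
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* utmp-style line name ("p0", "pts/3") of the first descriptor in fds[]
 * that is a terminal, or NULL when none of them is one. */
const char *tty_line_from_fds(const int *fds, int n)
{
    for (int i = 0; i < n; i++) {
        const char *path = ttyname(fds[i]);  /* NULL unless fd is a tty */
        if (path != NULL)
            return strncmp(path, "/dev/", 5) == 0 ? path + 5 : path;
    }
    return NULL;
}

/* Should this who(1) row get the "*" marker? Both user and line must match;
 * with the line unknown, mark nothing rather than guess among the user's rows. */
int is_current_session(const char *row_user, const char *row_line,
                       const char *my_user, const char *my_line)
{
    if (my_user == NULL || my_line == NULL)
        return 0;
    return strcmp(row_user, my_user) == 0 && strcmp(row_line, my_line) == 0;
}

int main(void)
{
    const int std_fds[] = { 0, 1, 2 };
    int null_fd = open("/dev/null", O_RDONLY);  /* stands in for a redirected stream */
    const char *line = tty_line_from_fds(std_fds, 3);
    const char *login = getlogin();             /* name recorded at login; may be NULL */
    struct passwd *pw = getpwuid(getuid());     /* real uid: changes after su */

    printf("login name : %s\n", login ? login : "(unknown)");
    printf("real uid   : %s\n", pw ? pw->pw_name : "(unknown)");
    printf("terminal   : %s\n", line ? line : "(none: all streams redirected)");
    printf("via null fd: %s\n",
           tty_line_from_fds(&null_fd, 1) ? "tty" : "(none)");
    /* Row taken from the post's sample output: "thad * p0" */
    printf("mark thad/p0: %d\n", is_current_session("thad", "p0", login, line));
    if (null_fd >= 0)
        close(null_fd);
    return 0;
}
```

Running it under su, or with `< /dev/null > out 2>&1`, shows the login name and the real uid diverging and the terminal lookup coming back empty.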


