{"id":17949,"date":"2013-04-05T08:37:26","date_gmt":"2013-04-05T06:37:26","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=17949"},"modified":"2013-04-05T09:44:00","modified_gmt":"2013-04-05T07:44:00","slug":"accessing-current-username-sudo-scripts-centos","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2013\/04\/05\/accessing-current-username-sudo-scripts-centos\/","title":{"rendered":"Accessing current username in sudo scripts on CentOS"},"content":{"rendered":"\n

I got a bit of a puzzle at work today. \u00a0I had a script that was executed as another user via sudo, but I wanted to access the original username in the script, to know who was executing it. \u00a0Sudoers manual<\/a> suggest working with “Defaults env_keep<\/em>“. \u00a0Looking into the \/etc\/sudoers<\/em>, I noticed that $USERNAME<\/em> variable was whitelisted (in line #3 below):<\/p>\n

\r\nDefaults env_reset\r\nDefaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"\r\nDefaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"\r\nDefaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"\r\nDefaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"\r\nDefaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"\r\n<\/pre>\n
So, I tried to use the $USERNAME<\/em> variable in my script but it was coming up with empty results. \u00a0That made me look deeper into default Bash initialization, and I found out that $USERNAME<\/em> variable setup wasn’t a part of it. \u00a0However, $LOGNAME<\/em> was (in \/etc\/profile<\/em>). \u00a0I think, so few people actually use it that nobody noticed or bothered about it until now. \u00a0Anyway, the solution now was obvious – simply add $LOGNAME<\/em> variable to the sudo white list. \u00a0Appending this line to the above env_keep ones did the job:<\/p>\n
\r\nDefaults \u00a0 \u00a0env_keep += "LOGNAME"\r\n<\/pre>\n
There. In hopes it will help future generations…<\/p>\n
P.S.: All that happened on a more or less default installation of CentOS 6.3, but I’m sure other Red Hat based distributions have a similar issue.<\/p>\n
P.P.S.: If your script is ALWAYS invoked via sudo, also have a look at $SUDO_UID<\/em>, $SUDO_GID<\/em>, and $SUDO_USER<\/em> variables.<\/p>\n\n","protected":false},"excerpt":{"rendered":"\n
I got a bit of a puzzle at work today. \u00a0I had a script that was executed as another user via sudo, but I wanted to access the original username in the script, to know who was executing it. \u00a0Sudoers manual suggest working with “Defaults env_keep“. \u00a0Looking into the \/etc\/sudoers, I noticed that $USERNAME variable … Continue reading Accessing current username in sudo scripts on CentOS<\/span><\/a><\/p>\n\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false,"_links_to":"","_links_to_target":""},"categories":[1,6,133,62],"tags":[3098,1960,200],"keyring_services":[],"class_list":["post-17949","post","type-post","status-publish","format-standard","hentry","category-general","category-linux","category-sysadmin","category-technology","tag-bash","tag-command-line","tag-security"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t