Logging script usage when executed via sudo on *nix

c has asked for the wisdom of the Perl Monks concerning the following question:

a unix question wrapped in perl paper.
i'm adding logging capability to a script i've recently written. i would like to include the name of the non-privelaged user executing the script in the log file. however, this script will more than likely always need to be ran using the sudo command.
sudo forces the uid/gid of the current user to that of root, and therefore the log entry contains "root" rather than the non-privelaged user's name.
has anyone ran into this issue before, and if so, how did they handle it? i've been trying to come up with a way that perl could pull the name of the user originally executing the script, but i am at a loss.

humbly -c

Comment on Logging script usage when executed via sudo on *nix

Replies are listed 'Best First'.
Re: Logging script usage when executed via sudo on *nix by suaveant (Parson) on Sep 20, 2001 at 18:14 UTC
I would use a setuid perl script (using suidperl) and then $< will contain the REAL_USER_ID of the user running the script, and $> will have the effective user id (root) - Ant - Some of my best work - Fish Dinner	[reply]
Re: Logging script usage when executed via sudo on *nix by Albannach (Monsignor) on Sep 20, 2001 at 18:13 UTC
I think your answer lies with your sudo configuration. Have you tried negating the `set_logname` flag in the sudoers file? You might also want to set the `logfile` path to enable the sudo log if you haven't already done so. -- I'd like to be able to assign to an luser	[reply] [d/l] [select]
Re: Logging script usage when executed via sudo on *nix by virtualsue (Vicar) on Sep 20, 2001 at 18:23 UTC
Update: Ignore this. I was thinking about setuid scripts rather than sudo. I use the `sudolog` to see which user ran what command.	[reply] [d/l]
Re: Logging script usage when executed via sudo on *nix by blakem (Monsignor) on Sep 20, 2001 at 21:50 UTC
I think sudo sets some environment variables that you can check for in your perl script... From the sudo manpage: `SUDO_USER Set to the login of the user who invoked sudo SUDO_UID Set to the uid of the user who invoked sudo SUDO_GID Set to the gid of the user who invoked sudo` [download] -Blake	[reply] [d/l]