in reply to Adress of client opening a Unix session

Some things like ssh will set an environment variable, but since the user's free to muck with that before running your program it's not trustworthy. Slightly more reliable would be reading the remote host from /etc/utmp, but that's going to be somewhat platform dependent (see Sys::Utmp or User::Utmp) and if someone can manipulate the DNS server you're using it's likewise untrustworthy.

A better solution would be to mandate separate system logins for each user and use those to determine who's running your program. If someone can circumvent that they more than likely could alter your log anyhow.

Re^2: Adress of client opening a Unix session
by kurreburre (Acolyte) on Sep 09, 2004 at 12:54 UTC
    Yes, I do agree with you that the best thing would be to have different users, but that is not really possible because of the architecture. This "build" script is only meant for administrators of the system, but now during implementation other people need to use it and therefore we must log it. I'll have a look at the Sys::Utmp and the User::Utmp.
    Thanks

      Ah, then you probably can use sudo and let it handle the logging. Just create a dedicated build user who's the owner of everything in question. Put the people who need to be able to run the build process in a group, and then configure sudo to allow that group to run whatever command / script is necessary to kick things off (and the original user who ran sudo will be logged to wherever syslog is pointing).
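The sudo setup from the last reply, as an added example that is not part of the original thread: the assumed sudoers rule is in the comment, and the Perl below pulls "who ran the build" out of the lines sudo writes to syslog. The group `builders`, the account `build`, the path `/usr/local/bin/build.sh` and the log lines are all constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed sudoers rule (install with visudo); names and path are hypothetical:
#   %builders ALL = (build) /usr/local/bin/build.sh
# Group members then run:  sudo -u build /usr/local/bin/build.sh

my $BUILD_USER = 'build';                     # hypothetical dedicated account
my $BUILD_CMD  = '/usr/local/bin/build.sh';   # hypothetical build script

# Parse one sudo syslog line into a hashref; returns undef for other lines.
# Format: "<invoker> : [reason ; ]TTY=.. ; PWD=.. ; USER=.. ; COMMAND=.."
sub parse_sudo_line {
    my ($line) = @_;
    return unless $line =~ /\bsudo(?:\[\d+\])?:\s+(\S+)\s+:\s+(.*)$/;
    my ($invoker, $rest) = ($1, $2);
    my %f = (invoker => $invoker);
    # COMMAND comes last and may contain " ; " itself, so cut it off first.
    $f{COMMAND} = $1 if $rest =~ s/\s+;\s+COMMAND=(.*)$//;
    for my $part (split /\s+;\s+/, $rest) {
        if ($part =~ /^([A-Z]+)=(.*)$/) { $f{$1} = $2 }
        else                            { $f{reason} = $part }   # refusal text
    }
    return \%f;
}

# Report every attempt to run the build script as the build user.
sub audit {
    my ($fh) = @_;
    my @report;
    while (my $line = <$fh>) {
        chomp $line;
        my $e = parse_sudo_line($line) or next;
        next unless ($e->{USER} // '') eq $BUILD_USER;
        next unless ($e->{COMMAND} // '') =~ /^\Q$BUILD_CMD\E(?:\s|$)/;
        my $status = exists $e->{reason} ? "DENIED ($e->{reason})" : 'ALLOWED';
        push @report, "$status $e->{invoker}: $e->{COMMAND}";
    }
    return @report;
}

print "$_\n" for audit(\*DATA);

__DATA__
Sep  9 13:02:11 buildhost sudo:    alice : TTY=pts/3 ; PWD=/home/alice ; USER=build ; COMMAND=/usr/local/bin/build.sh
Sep  9 13:05:40 buildhost sudo:  mallory : user NOT in sudoers ; TTY=pts/5 ; PWD=/tmp ; USER=build ; COMMAND=/usr/local/bin/build.sh
Sep  9 13:07:02 buildhost sudo[812]:  bob : TTY=pts/4 ; PWD=/home/bob ; USER=build ; COMMAND=/usr/local/bin/build.sh --clean
Sep  9 13:09:15 buildhost sshd[2211]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
```

Because the log entry is written by sudo rather than by the build script, the invoking user cannot rewrite it from inside the session the way an environment variable can be changed.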