chrism01 has asked for the wisdom of the Perl Monks concerning the following question:

Monks,
I'm running on SunOS 5.10, using perl v5.8.4 .
According to the man page:

     Example 3: Executing command with user bin's Environment and
     Permissions

     To execute command with the temporary environment  and  per-
     missions of user bin, type:

     example% su - bin -c "command args"

[download]
and I run the cmd (from root)
su - myuser -c "/home/myuser/t1.pl"

[download]
on file
#!/usr/bin/perl -w
use strict;

open(OUT,">su-test.log") or die;
print OUT "user $ENV{'USER'}\n";
close(OUT) or die;
exit;

[download]
but get error

Use of uninitialized value in concatenation (.) or string at /home/myuser/t1.pl line 5.

Any ideas, ie why doesn't it work as per man page?

Cheers
Chris

Replies are listed 'Best First'.
Re: Obtaining %ENV values via su cmd
by Trizor (Pilgrim) on May 14, 2007 at 23:28 UTC

    Try using Data::Dumper to see what is in %ENV, it is posible that user bin explicity unsets USER or some other shenanigains. This is the output that I get on my box (Dapper drake server).

    env.pl, the test script 
    #!/usr/bin/perl -w
use strict;

use Data::Dumper;

print Dumper(\%ENV);

    [download]
    And the output:
    trizor@trap:/home$ sudo su - greg -c /home/env.pl 
$VAR1 = {
          'HOME' => '/home/greg',
          'LOGNAME' => 'greg',
          'SHLVL' => '1',
          '_' => '/home/dummy.pl',
          'SHELL' => '/bin/bash',
          'TERM' => 'xterm',
          'PWD' => '/home/greg',
          'USER' => 'greg',
          'LANG' => 'en_US.UTF-8'
        };

    [download]

    As you can see, USER is there plain as day.

[reply]
[d/l]
[select]
      Interesting ... turns out 'USER' ISN'T there, but LOGNAME is.
      BTW, ref to bin user is just an example quoted from man page.
      I'm having to run this as the root user.
      I need to be able to do this from cron eventually ie root or system crontab.
      I'll try that now.
      BTW, what is the diff between USER and LOGNAME and are there any other values I can check for in case they aren't there.
      Basically, the real prog will be run on various systems under different users and I need to know which user when it runs, as certain users aren't allowed to call my program... it's part of a system monitor suite.

      Cheers
      Chris

[reply]

        I don't know much about %ENV, I rarely use it. If you need to know what user you're running as my guess would be to check $> and $< against /etc/passwd or use POSIX;. I definitely wouldn't trust %ENV, since it is passed to the program at execution time and could be modified to fake values.

        I would also advise reading perlsec if you're writing any system that needs to be secure.

[reply]
        I've had similar situations where I had to "just get it working", and, seeing the variance in environment settings across systems, I just did something like this: 
        my $username = $ENV{USER} || $ENV{LOGNAME} || `whoami`;
chomp $username;  # in case it came from the shell command

        [download]
        But I never had to do this in a situation where "su" was being used, and I'd worry about whether one or the other %ENV setting gets "updated" or not across the "su" (with or without the "-" to invoke the new user's rc file(s)).

        Having just tried it on freebsd, it looks like "whoami" definitely reports the "effective username" (i.e. the user that you "su" to); maybe the price of running the backtick command is worthwhile, considering the stability you get in return...

[reply]
[d/l]
Re: Obtaining %ENV values via su cmd
by rev_1318 (Chaplain) on May 15, 2007 at 22:36 UTC
    OT More or less off topic:
    On Solaris, using su - only parses your .profile if your shell is /bin/sh. As soon as you use an other login shell, you may get into trouble.

    Paul

[reply]

Back to Seekers of Perl Wisdom