[3296] in Release_7.7_team

Re: Athena Disconnected Operation White Paper Draft 2.

daemon@ATHENA.MIT.EDU (Derek Atkins)
Fri May 24 19:20:39 2002

To: tb@becket.net (Thomas Bushnell, BSG)
Cc: Bill Cattey <wdc@MIT.EDU>, source-developers@MIT.EDU, release-team@MIT.EDU
From: Derek Atkins <warlord@MIT.EDU>
Date: 24 May 2002 19:20:36 -0400
In-Reply-To: <874rgxp2a2.fsf@becket.becket.net>
Message-ID: <sjm7kltjfp7.fsf@kikki.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

tb@becket.net (Thomas Bushnell, BSG) writes:

> Derek Atkins <warlord@MIT.EDU> writes:
> 
> > We need a way to execute scripts in the user's environment, and such
> > a system does not exist.
> 
> If you have a way to execute scripts in root's environment, I think
> it's pretty easy to run something in the user's environment...that's
> the joy of being root.

Nope.  Sure you can 'su' to the user and get their UID, but that is
insufficient; you still can't get into the user's actual environment.
You don't know what the user's KRB5CCNAME variable is set to, so you
can't refresh tickets.  You can't get into the user's PAG, so you
can't get them new AFS tokens.  You don't know the user's WGFILE
variable, so you can't refresh zephyr subscriptions.  You don't know
what their XAuthority file is, so you can't change the hostname
(because you need to change the xauth cookie as well).

In brief, there are a LOT of functions that have to be executed from
within the user's environment.  Even starting as root and 'su'ing is
not sufficient.  Note that I did not say "run as the user."  I
specifically said "run in the user's environment."  The two are _not_
the same.

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
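
Added example, not part of the message above: a sketch of the gap between "run as the user" and "run in the user's environment", comparing a login session's environment with that of a root-spawned `su` shell. It assumes Linux-style NUL-separated environment blocks (the `/proc/<pid>/environ` layout) and the variable name `XAUTHORITY` for the X authority file; all sample values are constructed, and the PAG is not an environment variable, so it is outside what this comparison can show.

```python
# Added illustration; every sample value below is constructed.
# Session-bound variables named in the message (XAUTHORITY is the
# environment variable that points at the X authority file).
SESSION_VARS = ("KRB5CCNAME", "WGFILE", "XAUTHORITY")


def parse_environ(blob: bytes) -> dict:
    """Parse a NUL-separated NAME=value block into a dict."""
    env = {}
    for entry in blob.split(b"\0"):
        name, sep, value = entry.partition(b"=")
        if not sep or not name:
            continue  # empty trailing entry or malformed line
        env[name.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return env


def session_gap(session_blob: bytes, su_blob: bytes, names=SESSION_VARS) -> dict:
    """Return the session-bound variables the su shell lacks or has wrong.

    Maps each name to (status, value_in_login_session), where status is
    "missing" or "differs".
    """
    session, su = parse_environ(session_blob), parse_environ(su_blob)
    gap = {}
    for name in names:
        want = session.get(name)
        if want is None:
            continue  # the login session itself does not set it
        have = su.get(name)
        if have is None:
            gap[name] = ("missing", want)
        elif have != want:
            gap[name] = ("differs", want)
    return gap


# Constructed environment of the user's real login session.
LOGIN_SESSION = b"\0".join([
    b"USER=jdoe", b"HOME=/mit/jdoe",
    b"KRB5CCNAME=/tmp/krb5cc_p1234",
    b"WGFILE=/tmp/wg.1234",
    b"XAUTHORITY=/tmp/xauth.1234",
]) + b"\0"

# Constructed environment of a shell started by root with su: same
# UID, but none of the per-session paths carried over.
SU_SHELL = b"\0".join([
    b"USER=jdoe", b"HOME=/mit/jdoe", b"KRB5CCNAME=/tmp/krb5cc_5000",
]) + b"\0"

if __name__ == "__main__":
    for var, (status, value) in session_gap(LOGIN_SESSION, SU_SHELL).items():
        print(f"{var}: {status} (login session has {value})")
```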
