System command on FreeBSD...
Bill Vermillion
fp at wjv.com
Wed Dec 29 10:53:57 PST 2004
On Wed, Dec 29 12:16 Chad McWilliams said 'Who you talkin' to? You talkin'
to Chad McWilliams? I didn't do nuttin'. I said:
> > > I am in the process of migrating from SCO to FreeBSD. I
> > have installed
> > > the FreeBSD version of filePro, and have run into the following
> > > problem:
> > > On SCO when user bob runs the system command to run another FP
> > > program, @id shows bob in the new program.
> > > On FreeBSD when user bob does the same thing, @id shows
> > > filepro in the new program.
> > > Is there away around this so that I get the SCO behavior of
> > > the system command?
> > Not as far os the OS is concerned, and I don't know how FP
> > handles things internally in this regard. The BSD systems
> > handle this differently than the Unix systems systems do. I
> > think this goes back to the days when BSD was forked from
> > Version 7 [ or a release thereafter].
> > > I have played with PFSYSEUID to no avail.
> > > I'm running FreeBSD 4.9, filePro 5.0.13R4.
> > What is it you are trying to accomplish?
> We have a function set up that allows a user to switch to
> another menu (say from order entry to customer master) to look
> up something. The problem is that under BSD when they do that,
> the other program is run as the user (@id) of filepro, rather
> then their user id. We have a security routine that checks
> whether they are allowed to do what they are attempting it, and
> it uses @id lookup the user by.
> Does this make sense?
Now that I see what you want to do, I can make a suggestion.
You'll have to change the way you test for the approved user
however.
Since 'id' will return the id and group memberships [of which there
can be many in the BSD world] I think the only thing you can
really depened upon to find the calling user is to use
the 'who am i' command. This will return the ID of the actual
login. Do NOT confuse this with the 'whoami' command which will
return the EUID.
There aren't many things that are that different from the Unix
systems and the BSD systems - but his is certainly one of them.
I also have problem with the way part of the 'su' is implemented
as using multiple 'su's can give some permissions they are not
supposed to have. I got a lively discussion started and many
didn't see the problem, but then in the end those who run secure
system think the su stack should be limited to one - and that would
fix any potential holes. I had been using the FreeBSD for quite
awhile when I discovered that one, and to my way of thinking it
is an anomoly.
But I think parsing the output of 'who am i' will do what you need
it to do.
Bill
--
Bill Vermillion - bv @ wjv . com
More information about the Filepro-list
mailing list