Control: tags -1 - wontfix
On Fri, 07 Oct 2022 07:33:53 +0800 Paul Wise wrote:
> On Fri, 2022-10-07 at 00:33 +0200, Francesco Poli wrote:
>
> > I am not sure I see the use of such additional information
>
> It is useful for accountability on systems where there are multiple
> sysadmins who use sudo/etc to get root, to know who did what when.
OK, I see.
>
> > but anyway reading /var/log/apt/history.log means that we are
> > assuming that apt-listbugs will always be invoked from apt.
> > But apt-listbugs supports other package managers, which do not provide
> > Commandline/Requested-By fields in history.log (aptitude) or, maybe, do
> > not log to /var/log/apt/history.log at all (cupt?).
>
> Sorry, I should have been clearer in my initial bug report.
>
> I was asking for the requestor and command-line to be documented, but
> not really for those to be read from the apt history log. The requestor
> can be got from the SUDO_* or PKEXEC_UID environment variables, and the
> command-line can be got from either SUDO_COMMAND and or by inspecting
> the command-line of the parent process using the /proc/12345/cmdline
> file. The PKEXEC_UID would need translating to the username of course.
[...]
This looks much more feasible.
I cannot promise that I will get around to it before bookworm freezes,
but I think it can be done (sooner or later).
As far as the requester user name is concerned, there's already some
code in apt-listbugs which tries to determine it.
It uses the output from the "logname" command. This works with "su" and
"sudo". I don't know about "pkexec", I will have to test it.
For the command line, reading from /proc/${PPID}/cmdline seems to be a
little tricky.
Also, I wonder how portable it is. Is it a Linux-specific thing, or
is it mandated by POSIX? Is it supported by non-Linux kernels (GNU
Hurd, FreeBSD kernel, ...)?
Is there a better or more convenient way?
--
http://www.inventati.org/frx/
There's not a second to spare! To the laboratory!
..................................................... Francesco Poli .
GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
pgpqDGZ2r194z.pgp
Description: PGP signature
