On Fri, 05 May 2017 09:00:58 +1000, Cameron Simpson wrote: > On 04May2017 15:03, Wildman <best_...@yahoo.com> wrote: > >>The program installs using the Debian package system (.deb) and an >>entry is created in the Applications Menu. The strange thing is >>that the crash only occurs when the program is run from the menu. >>If I open a terminal and run the program from there, the program >>runs fine. > > And this supports that. > > getlogin is not magic, and can be overused. The Python docs say "Return the > name of the user logged in on the controlling terminal of the process." > Clearly > that will fail. > > When you start from a terminal, your command will have that as its > controlling > terminal unless it has gone out of its way not to. When you start from a > menu, > usually that menu system will not be associated with a terminal. In this case > you need to fall back on other methods of figuring out "who is logged in".
What I don't understand is why the program will run from the menu on some Linux distros and not others. I might need to take a closer look at the structure of the .desktop file used to launch my program. Thanks. > You should also _minimise_ the time and work your program does as root. Along > the lines of: > > ... program invoked setuid ... > look up os.getuid() to find the uid of the invoker > read as little as possible of the privileged info (i.e. shadow) as required > os.setuid() BACK TO THE ORIGINAL USER SO YOU ARE NO LONGER ROOT > ... do everything else ... This is interesting. Will do some experimenting. > Part of your problem is that "who is the currently logged in user" is a > nebulous idea. Supposing you were to address the lack of controlling terminal > by seeing who is logged into the console. That is a little trusting. > Supposing > _you_ are logged into the console, running X11. And while so, _I_ ssh into > your > machine and run your program without a controlling terminal. Then your > program > will _mistakenly_ presume the logged in user is _you_ (because, after all, > you're logged in), and report _your_ information to _me_. > > For all that setuid programs have their own security issues, at least they > _know_ who they were invoked by from os.getuid(), without playing insecure > guessing games around "who is logged in". Because the latter is not > equivalent > to "whose information should I access?" > > I hope this points a way forward. > > Personally I would usually resist accessing information not available as the > user, and avoid the need to run as root at all. > > Cheers, > Cameron Simpson <c...@zip.com.au> I appreciate the advice and will consider it. -- <Wildman> GNU/Linux user #557453 The cow died so I don't need your bull! -- https://mail.python.org/mailman/listinfo/python-list