>> >> : One way is to ask the identd service running on the local machine.
>> >> : This method : is portable to any OS that has an identd service.
>> >> But it isn't safe, even on the local machine, since there are ways,
>> >> notably with ssh redirects, to issue local connections as root although
>> >> you are on a remote system.
>> > Hmm... I am using LOCAL sockets (aha UNIX domain sockets) only. Is it
>> > possible in the server (that is running as root) to determine UID of the
>> > client just connected ?.. I badly need it ...
>> Why don't you just have the client tell you who it is?
>Because it is insecure. Any other ideas ?
Here is something to think about. I haven't tried this at all, and haven't
thought it through security-wise.
Have the client create a temporary file (so it will be the owner) with a
mode of 0600. The fact that it has the file open means that it is the owner
of the file (or super-user; can't get around that). (I'm ignoring any silliness
like the permissions changing after the open()). Then, send the descriptor
to the server over your Unix domain socket. The server can receive the
descriptor and do an fstat() on it to find the owner of the file (and be sure
that the permissions are 0600), and take that to be the uid of the client