dtrace discuss - Sep 2007 - Newbie:How to get the actual username instead of uid

Hi,
Is there anyway for dtrace to report me the actual user name instead of a uid.

For example If I have the following code somewhere in in my script, I know that
I am getting uid with printf function

syscall::open:return,syscall::open64:return
{
        .............
        printf("%d,%s,... ",uid, ......);

}

Is there any way to get the username corresponding to that uid? I know that I
can look at /etc/password and get the username but is there anything I can do
directly from Dtrace?
Thank you.


--
This message posted from opensolaris.org

Hi,
>Is there anyway for dtrace to report me the actual user name instead of a
uid.
>
>For example If I have the following code somewhere in in my script, I know
that I am getting uid with printf function
>
>syscall::open:return,syscall::open64:return
>{
>        .............
>        printf("%d,%s,... ",uid, ......);
>
>}
>
>Is there any way to get the username corresponding to that uid? I know that
I can look at /etc/password and get the username but is there anything I can do
directly from Dtrace?
>
You can''t obtain the username from within probe context but you can
use the system() action to do this. Actually, this very example is given
in the docs. Check out the system() action example at:

http://docs.sun.com/app/docs/doc/817-6223/chp-actsub#hic

Jon.

On Tue, Sep 11, 2007 at 08:55:48PM +0100, Jon Haslam
wrote:
> Hi,
> 
> >Is there anyway for dtrace to report me the actual user name instead of
a uid.
> >
> >For example If I have the following code somewhere in in my script, I
know that I am getting uid with printf function
> >
> >syscall::open:return,syscall::open64:return
> >{
> >        .............
> >        printf("%d,%s,... ",uid, ......);
> >
> >}
> >
> >Is there any way to get the username corresponding to that uid? I know
that I can look at /etc/password and get the username but is there anything I
can do directly from Dtrace?
> >
> 
> You can''t obtain the username from within probe context but you
can
> use the system() action to do this. Actually, this very example is given
> in the docs. Check out the system() action example at:
> 
> http://docs.sun.com/app/docs/doc/817-6223/chp-actsub#hic
Boy does that example take me back.  As you might guess, it was written
by me on or about Tue Jul 20 11:56:30 CDT 2004. ;)  Firefox was still
called Firebird, and I was on the plane, on the way to a demo that
would become infamous:

  http://blogs.sun.com/bmc/date/20040726

Needless to say, the return flight was not quite so relaxing:  I spent
it root-causing what exactly had gone wrong during the demo.  Given
that they have since given a public reference for DTrace, I think it''s
safe to reveal that the customer in question was FedEx, and that the demo
in question was in Memphis.  Not sure if any on the list were in the
room that day (if you are, thank you for having been so forgiving!),
but I think it remains my most stressful moment in front of a customer...

Anyway, that documentation will forever for me be the calm before the
storm... ;)

	- Bryan

--------------------------------------------------------------------------
Bryan Cantrill, Solaris Kernel Development.       http://blogs.sun.com/bmc

Thank you very much for your response. Actually that example worked, but the
Dtrace guide defines the system action as destructive. So, is the following
action safe to use then?
system("getent passwd %d | cut -d: -f5",uid);
I am not changing  anything at the system level , just reading  it.

Regards.
Deniz.


On 9/11/07, Bryan Cantrill <bmc at eng.sun.com>
wrote:
>
> On Tue, Sep 11, 2007 at 08:55:48PM +0100, Jon Haslam wrote:
> > Hi,
> >
> > >Is there anyway for dtrace to report me the actual user name
instead of
> a uid.
> > >
> > >For example If I have the following code somewhere in in my
script, I
> know that I am getting uid with printf function
> > >
> > >syscall::open:return,syscall::open64:return
> > >{
> > >        .............
> > >        printf("%d,%s,... ",uid, ......);
> > >
> > >}
> > >
> > >Is there any way to get the username corresponding to that uid? I
know
> that I can look at /etc/password and get the username but is there anything
> I can do directly from Dtrace?
> > >
> >
> > You can''t obtain the username from within probe context but
you can
> > use the system() action to do this. Actually, this very example is
given
> > in the docs. Check out the system() action example at:
> >
> > http://docs.sun.com/app/docs/doc/817-6223/chp-actsub#hic
>
> Boy does that example take me back.  As you might guess, it was written
> by me on or about Tue Jul 20 11:56:30 CDT 2004. ;)  Firefox was still
> called Firebird, and I was on the plane, on the way to a demo that
> would become infamous:
>
>   http://blogs.sun.com/bmc/date/20040726
>
> Needless to say, the return flight was not quite so relaxing:  I spent
> it root-causing what exactly had gone wrong during the demo.  Given
> that they have since given a public reference for DTrace, I think
it''s
> safe to reveal that the customer in question was FedEx, and that the demo
> in question was in Memphis.  Not sure if any on the list were in the
> room that day (if you are, thank you for having been so forgiving!),
> but I think it remains my most stressful moment in front of a customer...
>
> Anyway, that documentation will forever for me be the calm before the
> storm... ;)
>
>         - Bryan
>
> --------------------------------------------------------------------------
> Bryan Cantrill, Solaris Kernel Development.       http://blogs.sun.com/bmc
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mail.opensolaris.org/pipermail/dtrace-discuss/attachments/20070911/f28ca738/attachment.html>

On Tue, Sep 11, 2007 at 03:45:59PM -0500, deniz rende
wrote:
> Thank you very much for your response. Actually that example worked, but
the
> Dtrace guide defines the system action as destructive. So, is the following
> action safe to use then?
> system("getent passwd %d | cut -d: -f5",uid);
> I am not changing  anything at the system level , just reading  it.
system() is destructive because you need to use it carefully -- it''s
not hard to come up with enablings that put the system in quite a bit
of pain.  (In particular, if you are calling system() from a path that
is called from fork()''ing and exec()''ing the shell, you have
created a
positive feedback loop.)  This issue is discussed in slide 28 of our
"Tips, Tricks and Gotchas" presentation:

  http://blogs.sun.com/bmc/entry/dtrace_tips_tricks_and_gotchas

You can easily avoid any positive feedback loop by adding a predicate to
the enabling that calls system():

	syscall::whatever:entry
	/!progenyof($pid)/
	{
		system("echo ::obey | mdb");
	}

	- Bryan

--------------------------------------------------------------------------
Bryan Cantrill, Solaris Kernel Development.       http://blogs.sun.com/bmc