Prev: IGMP snooping
Next: Forging IPv6 addresses?
From: Poster Matt on 16 Feb 2010 10:52 Hi, I'm returning to programming for UNIX/Linux in C after a break of 15 years, ouch, so apologies if this is a real newbie question. My code needs to fopen a config file in a user's home directory, I rapidly worked out that using "~/.config_file_name" was a no-no, as the '~' does not evaluate the same way it would from the shell. Instead I am using getenv("HOME") to get the path to the user's home directory, that works fine. My question is if the HOME environment variable can always be relied on? Is there a different way of doing this, or have I chosen the established best way of doing it already? Many thanks all. Regards, Matt
From: Nicolas George on 16 Feb 2010 11:16 Poster Matt wrote in message <rbzen.40770$Ym4.18675(a)text.news.virginmedia.com>: > My question is if the HOME environment variable can always be relied on? Depends on what you mean by "relied upon". $HOME is what the user wants the program to use as home directory. It is set by default according to /etc/passwd or similar, but the user can change it. The base information can be read using getpwuid and the pw_dir field. If the home of the user is /home/john, but $HOME points to /tmp/home, for example, that probably means the user is trying something specific, like testing a change in a configuration file. In that case, it is probably best to follow the change. Programs that try to be smarter and end up not obeying to the user are really annoying. There is an exception, of course, if there is a security problem. But I can only find far-fetched situations where the current process' user's home directory is necessary and $HOME is unreliable.
From: Måns Rullgård on 16 Feb 2010 11:43 Nicolas George <nicolas$george(a)salle-s.org> writes: > Poster Matt wrote in message > <rbzen.40770$Ym4.18675(a)text.news.virginmedia.com>: >> My question is if the HOME environment variable can always be relied on? > > Depends on what you mean by "relied upon". > > $HOME is what the user wants the program to use as home directory. It is set > by default according to /etc/passwd or similar, but the user can change it. > The base information can be read using getpwuid and the pw_dir field. > > If the home of the user is /home/john, but $HOME points to /tmp/home, for > example, that probably means the user is trying something specific, like > testing a change in a configuration file. In that case, it is probably best > to follow the change. Programs that try to be smarter and end up not obeying > to the user are really annoying. > > There is an exception, of course, if there is a security problem. But I can > only find far-fetched situations where the current process' user's home > directory is necessary and $HOME is unreliable. Some programs, e.g. ssh, do some extra checks on the ownership and permission of files before using them for security-critical purposes. This seems like a sensible approach to me. -- M�ns Rullg�rd mans(a)mansr.com
From: Poster Matt on 16 Feb 2010 11:45 Nicolas George wrote: > Poster Matt wrote in message > <rbzen.40770$Ym4.18675(a)text.news.virginmedia.com>: >> My question is if the HOME environment variable can always be relied on? > > Depends on what you mean by "relied upon". All I meant was if I could rely on using getenv("HOME") to reliably get the home directory of a user, in all normal situations. I suppose I was just checking in case there were differences between flavours of UNIX/Linux in where the home directory environment variable was stored. For example if HOME_DIR was used sometimes or if HOME is often left unset. > There is an exception, of course, if there is a security problem. But I can > only find far-fetched situations where the current process' user's home > directory is necessary and $HOME is unreliable. Many thanks Nicholas. Very helpful and I'll proceed with using HOME. Cheers.
From: David Schwartz on 16 Feb 2010 12:00
On Feb 16, 8:45 am, Poster Matt <postermatt(a)no_spam_for_me.org> wrote: > > Depends on what you mean by "relied upon". > All I meant was if I could rely on using getenv("HOME") to reliably get the home > directory of a user, in all normal situations. That doesn't answer the question. Do you mean "what the user wants me to use as his home directory" or "securely get what the system administrator set as the user's home directory"? Do you want the user to be able to override this if he needs to or not? > I suppose I was just checking in case there were differences between flavours of > UNIX/Linux in where the home directory environment variable was stored. For > example if HOME_DIR was used sometimes or if HOME is often left unset. If it's unset, use 'getpwuid(getuid());' DS |