Now 'ucsf vpn start' finds the logged in user's '~/.netrc' file also …

…when called via 'sudo' [#52]
HenrikBengtsson · May 15, 2024 · cd0c541 · cd0c541
1 parent 5a0df49
commit cd0c541
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 8 deletions.
diff --git a/NEWS.md b/NEWS.md
@@ -10,6 +10,9 @@ ucsf-vpn
    agree, an informative error is produced. Previously, it returned
    after the first validation method was successful, ignoring the
    remaining validation methods.
+
+ * Now `ucsf vpn start` finds the logged in user's `~/.netrc` file
+   also when called via `sudo`.
 
 ### New Features
 

diff --git a/README.md b/README.md
@@ -228,7 +228,7 @@ Useful resources:
 * UCSF Managing Your Passwords:
   - https://it.ucsf.edu/services/managing-your-passwords
 
-Version: 5.7.0-9018
+Version: 5.7.0-9020
 Copyright: Henrik Bengtsson (2016-2024)
 License: GPL (>= 2.1) [https://www.gnu.org/licenses/gpl.html]
 Source: https://github.com/HenrikBengtsson/ucsf-vpn

diff --git a/bin/ucsf-vpn b/bin/ucsf-vpn
@@ -135,7 +135,7 @@
 ### * UCSF Managing Your Passwords:
 ###   - https://it.ucsf.edu/services/managing-your-passwords
 ###
-### Version: 5.7.0-9020
+### Version: 5.7.0-9021
 ### Copyright: Henrik Bengtsson (2016-2024)
 ### License: GPL (>= 2.1) [https://www.gnu.org/licenses/gpl.html]
 ### Source: https://github.com/HenrikBengtsson/ucsf-vpn
@@ -563,16 +563,27 @@ function status() {
 # Credentials, e.g. .netrc, prompting for password, etc.
 # -------------------------------------------------------------------------
 function source_netrc() {
-    local rcfile pattern found bfr defaultrc
+    local rcfile pattern found bfr home
+
+    if [[ -z ${NETRC} ]]; then
+        if [[ ${EUID} -eq 0 ]]; then
+            ## Identify the HOME folder of the logged in user, even when
+            ## 'ucsf-vpn' is called via sudo
+            home=$(getent passwd "$(logname)" | cut -d ":" -f 6)
+            ## Fall back to HOME, if the above failed
+            if [[ ! -d "${home}" ]]; then
+                home=${HOME}
+            fi
+        else
+            home=${HOME}
+        fi
+        rcfile=${home}/.netrc
+    fi
 
-    # eval is another solution, but a security risk
-    # https://stackoverflow.com/questions/7358611/get-users-home-directory-when-they-run-a-script-as-root
-    defaultrc=$(getent passwd "$(logname)" | cut -d: -f6)/.netrc
-    rcfile=${NETRC:-${defaultrc}}
     ## No such file?
     if [[ ! -f "${rcfile}" ]]; then
         mdebug "No .netrc file: $rcfile"
-        return;
+        return
     fi
     mdebug "Detected .netrc file: $rcfile"