Issue 678077: add warning to os.getlogin (original) (raw)

I experienced problems when using os.getlogin(). It doesn't work for exmaple after doing a "su". It still reports the old login.

Also "man 3 getlogin" tells me on GNU/Linux (SuSE 8.1):

"Unfortunately, it is often rather easy to fool getlogin().
Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin() for security-related purposes.

Nobody knows precisely what cuserid() does - avoid it in portable programs - avoid it altogether - use getpwuid(geteuid()) instead, if that is what you meant. DO NOT USE cuserid()"

It would be nice if you could add some warning to the documentation of Python's os.getlogin() telling the user it's better to use "pwd.getpwuid(os.getuid())[0]". That's at least what I do now and it works as expected.

TIA!