Is there a difference between using os.getlogin()
and os.environ
for getting the current user's username on Linux?
At different times I've seen someone recommend looking at the environment variables $USER
or $LOGNAME
, and other times os.getlogin()
was recommended.
So I'm curious: is one preferred, or are there situations where you would use one over the other, or are they simply two ways of doing the same thing?
environ in Python is a mapping object that represents the user's environmental variables. It returns a dictionary having user's environmental variable as key and their values as value.
getlogin() method in Python is used to get the name of the user logged in on the controlling terminal of the process. Return Type: This method returns a string that denotes the name of the user logged in on the controlling terminal of the process.
The os. getenv() method is used to extract the value of the environment variable key if it exists. Otherwise, the default value will be returned. Note: The os module in Python provides an interface to interact with the operating system.
getpass.getuser()
getpass.getuser()
conveniently searches through the various user environment variables to get the username. This avoids the issues with os.getlogin()
enumerated below.
If you're worried about people modifying the environment variables, then use pwd.getpwuid(os.getuid())[0]
.
From the docs:
This function checks the environment variables
LOGNAME
,USER
,LNAME
andUSERNAME
, in order, and returns the value of the first one which is set to a non-empty string. If none are set, the login name from the password database is returned on systems which support the pwd module, otherwise, an exception is raised.In general, this function should be preferred over
os.getlogin()
.
From the Python docs for os.getlogin()
:
For most purposes, it is more useful to use
getpass.getuser()
since the latter checks the environment variablesLOGNAME
orUSERNAME
to find out who the user is, and falls back topwd.getpwuid(os.getuid())[0]
to get the login name of the current real user id.
os.getlogin()
os.getlogin()
can throw errors when run in certain situations. Using the LOGNAME
, USER
, USERNAME
, etc. environment variables (after checking that they exist) is the safer option. If you're really worried about people changing the environment variables, then you can pull the username from the current process ID using pwd.getpwuid(os.getuid())[0]
.
One issue with os.getlogin()
is that you can`t run it without a controlling terminal. From the docs:
os.getlogin()
Return the name of the user logged in on the controlling terminal of the process. For most purposes, it is more useful to use the environment variables LOGNAME or USERNAME to find out who the user is, or pwd.getpwuid(os.getuid())[0] to get the login name of the current real user id.
If you try to call os.getlogin()
without a controlling terminal, you will get
OSError: [Errno 25] Inappropriate ioctl for device
So using the LOGNAME
, USER
, USERNAME
, etc. environment variables is safer than os.getlogin()
. If you're really worried about people changing the environment variables, then you can use pwd.getpwuid(os.getuid())[0]
.
os.environ['USER']
can lie, with no security controls at all, os.getlogin
doesn't have that problem.
If you're using the ID check for security purposes of any kind, don't rely on the environment.
Example, running as user lowpriv
, checking the environment would tell you you're root when run like so in bash
:
USER=root myscript.py
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With