LOGNAME, USER, and get-uid; NIS
John Cowan
(12 Aug 2019 16:30 UTC)
Re: LOGNAME, USER, and get-uid; NIS Lassi Kortela (12 Aug 2019 18:33 UTC)
> There are actually two environment variables specifying the name of the
> user: LOGNAME is supposed to be the name of the real uid, USER is
> supposed to be the name of the effective uid.

I always wondered what the distinction is :) One wonders how reliably programs uphold that distinction.

> These variables are both subject to forgery, but if we provided both the
> geteuid and getruid system calls we could discriminate reliably:
> sometimes you want one, sometimes the other. This is especially true
> when one of them is root.

Definitely provide both of those syscalls. Do we need the envars for anything? To get the effective username, call getpwuid(geteuid()). To get the real username, call getpwuid(getuid()).

The effective user is especially security-sensitive, since that's what's used to check file permissions and whether or not the user can execute root-only syscalls.

> Scsh calls the syscalls get-uid and get-effective-uid, but I think we
> should make it get-real-uid instead of get-uid for clarity's sake.
>
> The same applies to gids, of course.

Strongly agreed.

> NIS is just a distributed version of /etc/passwd, as DNS is a
> distributed version of /etc/hosts. It is tiny and simple compared to X.500.

That's cool. I never thought of DNS that way.
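The lookups named in the message above, getpwuid(getuid()) and getpwuid(geteuid()), set against the forgeable LOGNAME and USER variables. This is an added example, not code from the thread or from any SRFI implementation; the helper names `uid_to_name` and `claimed_name_matches_uid` are hypothetical.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: copy the passwd-database name for uid into buf.
 * The database may be /etc/passwd, NIS or another backend.
 * Returns 0 on success, -1 if there is no entry or buf is too small. */
static int uid_to_name(uid_t uid, char *buf, size_t len)
{
    struct passwd *pw = getpwuid(uid);
    if (pw == NULL || pw->pw_name == NULL || strlen(pw->pw_name) >= len)
        return -1;
    strcpy(buf, pw->pw_name); /* length checked above */
    return 0;
}

/* Hypothetical helper: compare a caller-controlled name (for example the
 * value of LOGNAME or USER) with the name the passwd database gives for uid.
 * Returns 1 on match, 0 on mismatch, -1 if the claim is absent or the uid
 * has no passwd entry. */
static int claimed_name_matches_uid(const char *claimed, uid_t uid)
{
    char actual[256];
    if (claimed == NULL || uid_to_name(uid, actual, sizeof actual) != 0)
        return -1;
    return strcmp(claimed, actual) == 0;
}

int main(void)
{
    char real[256] = "?", eff[256] = "?";

    /* The uids come from the kernel; the environment cannot change them. */
    uid_to_name(getuid(), real, sizeof real);
    uid_to_name(geteuid(), eff, sizeof eff);
    printf("real uid %ld (%s), effective uid %ld (%s)\n",
           (long)getuid(), real, (long)geteuid(), eff);

    /* The environment is set by whoever started the process. */
    printf("LOGNAME agrees with real uid: %d\n",
           claimed_name_matches_uid(getenv("LOGNAME"), getuid()));
    printf("USER agrees with effective uid: %d\n",
           claimed_name_matches_uid(getenv("USER"), geteuid()));
    return 0;
}
```

Running it as `LOGNAME=root ./a.out` from an unprivileged account reports a mismatch for LOGNAME while the uid lines are unchanged.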