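#!/bin/bash
# who_was_root.sh
# Meryll Larkin
# November 11, 2021
#
# Determine the actual user who is acting as root.
# This script is run either via sudo or as root.
# It prints the user name (as reported by `ps -o user=`) of the first
# non-root owner found among this process's ancestors, i.e. the account that
# became root -- provided the original login was not done as root.
#
# Exit status: 0 when a non-root ancestor was found, 1 otherwise.
#
# NOTE(review): this is a convenience lookup, not an audit record. It only
# sees ancestors that are still running; if an intermediate process has
# exited, its child is re-parented and the walk can miss the real origin.
# For accountability, rely on sudo's own logging or the audit subsystem
# (on Linux, /proc/self/loginuid typically keeps the login uid across
# su/sudo when pam_loginuid is in use -- confirm for your platform).

if (( EUID != 0 )); then
  echo "This script must be run as root"
  exit 1
fi

# Cap on the number of ancestors examined; this is in case some idiot
# actually logged in as root and the chain never leaves root.
loopkiller=0
limit=25

# Walk upwards from this process. Seeding the owner with "root" makes the
# first iteration inspect the direct parent of the script.
parent_id=$$
originating_user="root"

while [[ "$originating_user" == "root" ]]; do
  # Step to the next ancestor. ps pads its columns with blanks, so strip
  # them before the value is reused as a quoted argument.
  parent_id=$(ps -o ppid= -p "$parent_id")
  parent_id=${parent_id//[[:space:]]/}

  # An empty or zero parent pid means the walk ran past the top of the
  # process tree: every ancestor was owned by root. The counter is a second
  # guard against an endless walk.
  if [[ -z "$parent_id" || "$parent_id" == "0" ]] || (( loopkiller > limit )); then
    echo "Some idiot logged in as root"
    # The original used `return` here, which is an error outside a function
    # or sourced file and did not stop the loop.
    exit 1
  fi

  originating_user=$(ps -o user= -p "$parent_id")
  originating_user=${originating_user//[[:space:]]/}
  loopkiller=$(( loopkiller + 1 ))
done

# An empty owner means ps could not report on that ancestor (for example it
# exited during the walk); do not print a blank line as if it were a user.
if [[ -z "$originating_user" ]]; then
  echo "Could not determine the originating user" >&2
  exit 1
fi

printf '%s\n' "$originating_user"
exit

# Optionally, this function can be placed in /root/.bash_profile.
# It sits after the `exit` above, so running this script never defines it;
# it is kept here only as a snippet to copy.
#
# whowasi: print the first non-root owner among the ancestors of the calling
# shell ($$ is the pid of that shell, not of the function).
# Outputs:  the user name on stdout, or a message when none is found
# Returns:  0 when a non-root ancestor was found, 1 otherwise
function whowasi {
  # Locals keep the interactive root shell free of stray variables.
  local loopkiller=0
  local limit=25
  local parent_id=$$
  local originating_user="root"

  while [[ "$originating_user" == "root" ]]; do
    # Step to the next ancestor and strip the blanks ps pads with.
    parent_id=$(ps -o ppid= -p "$parent_id")
    parent_id=${parent_id//[[:space:]]/}

    # Ran past the top of the process tree, or hit the safety cap.
    if [[ -z "$parent_id" || "$parent_id" == "0" ]] || (( loopkiller > limit )); then
      echo "Some idiot logged in as root"
      return 1
    fi

    originating_user=$(ps -o user= -p "$parent_id")
    originating_user=${originating_user//[[:space:]]/}
    loopkiller=$(( loopkiller + 1 ))
  done

  # ps could not report on that ancestor; do not print a blank "user".
  if [[ -z "$originating_user" ]]; then
    echo "Could not determine the originating user" >&2
    return 1
  fi

  printf '%s\n' "$originating_user"
}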