
Difference between Real User ID, Effective User ID and Saved User ID

Tags: linux, unix, posix

People also ask

What is the saved user ID?

Saved user ID: It is used when a process running with elevated privileges (generally root) needs to do some under-privileged work; this can be achieved by temporarily switching to a non-privileged account.

What is the difference between UID and EUID?

The main difference between EUID and UID is that 'UID' refers to the original user and EUID refers to the user you have changed into.

What is the effective user ID of a process?

The effective user ID determines what level of access the current process has. When the effective user ID is zero (root), then the process has unrestricted access, for example.

Why is the saved UID useful?

The saved user ID (suid) is used when a program running with elevated privileges needs to do some unprivileged work temporarily; changing euid from a privileged value (typically 0) to some unprivileged value (anything other than the privileged value) causes the privileged value to be stored in suid.


The distinction between a real and an effective user id is made because you may have the need to temporarily take another user's identity (most of the time, that would be root, but it could be any user). If you only had one user id, then there would be no way of changing back to your original user id afterwards (other than taking your word for granted, and in case you are root, using root's privileges to change to any user).

So, the real user id is who you really are (the one who owns the process), and the effective user id is what the operating system looks at to make a decision whether or not you are allowed to do something (most of the time, there are some exceptions).

When you log in, the login shell sets both the real and effective user id to the same value (your real user id) as supplied by the password file.

Now, it also happens that you execute a setuid program, and besides running as another user (e.g. root) the setuid program is also supposed to do something on your behalf. How does this work?
After executing the setuid program, it will have your real id (since you're the process owner) and the effective user id of the file owner (for example root) since it is setuid.

The program does whatever magic it needs to do with superuser privileges and then wants to do something on your behalf. That means, attempting to do something that you shouldn't be able to do should fail. How does it do that? Well, obviously by changing its effective user id to the real user id!

Now that setuid program has no way of switching back since all the kernel knows is your id and... your id. Bang, you're dead.

This is what the saved set-user id is for.


I'll try to explain step by step with some examples.

Short background

Each process has its own 'Process credentials' which include attributes like PID, the PPID, PGID, session ID and also the real and effective user and group IDs: RUID, EUID, RGID, EGID.

We'll focus on those.


Part 1: Understand UID and GID

Now I'll log into a shell with my credentials and run:

$ grep $LOGNAME /etc/passwd
rotem:x:1000:1000:rotem,,,:/home/rotem:/bin/bash

You can see my logname (rotem), the UID and GID which are both 1000, and other details like the shell I'm logged into.


Part 2: Understand RUID and RGID

Every process has an owner and belongs to a group. In our shell, every process that we'll now run will inherit the privileges of my user account and will run with the same UID and GID.

Let's run a simple command to check it:

$ sleep 10 & ps aux | grep 'sleep'

And check for the process UID and GID:

$ stat -c "%u %g" /proc/$pid/
1000 1000

Those are the real user ID (RUID) and real group ID (RGID) of the process.

(*) Check other options to view the UID and GID and ways to get this in a single line.

For now, accept the fact that the EUID and EGID attributes are 'redundant' and are just equal to RUID and RGID behind the scenes.


Part 3: Understand EUID and EGID

Let's take the ping command as an example.

Search for the binary location with the which command then run ls -la:

-rwsr-xr-x  1 root root   64424 Mar 10  2017  ping

You can see that the owner and the group of the file are root. This is because the ping command needs to open up a socket and the Linux kernel demands root privilege for that.

But how can I use ping if I don't have root privilege?

Notice the 's' letter instead of 'x' in the owner part of the file permission.

This is a special permission bit for specific binary executable files (like ping and sudo) which is known as setuid.

This is where EUID and EGID come into play.

What will happen is when a setuid binary like ping executes, the process changes its Effective User ID (EUID) from the default RUID to the owner of this special binary executable file which in this case is - root.

This is all done by the simple fact that this file has the setuid bit.

The kernel decides whether this process has the privilege by looking at the EUID of the process. Because the EUID now points to root, the operation won't be rejected by the kernel.

Notice: On the latest Linux releases the output of the ping command will look different because they adopted the Linux Capabilities approach instead of this setuid approach - for those who are not familiar - read here.

Part 4: What about SUID and SGID?

The saved user ID (SUID) is used when a privileged process is running (as root, for example) and it needs to do some unprivileged tasks.

In that case, the effective UID (EUID) from before will be saved inside SUID and then changed to an unprivileged task. When the unprivileged task is completed, the EUID will be taken from the value of SUID and switched back to the privileged account.
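The temporary drop and regain that both answers describe, followed by a permanent drop that is verified, as an added example (not code from either answer). It assumes Linux and a binary installed setuid to some owner; without the setuid bit all three IDs are equal and every call is a no-op. The function names are illustrative.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Linux: /proc/self/status carries "Uid: real effective saved fs". */
static uid_t saved_uid(void) {
    unsigned r, e, s = (unsigned)-1;
    char line[128];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return (uid_t)-1;               /* /proc not available */
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "Uid: %u %u %u", &r, &e, &s) == 3) break;
    fclose(f);
    return (uid_t)s;
}

/* Temporary drop: only the EUID changes, so the saved set-user-ID
 * still holds the privileged value. */
static int drop_temporarily(void) { return seteuid(getuid()); }

/* Regain: allowed for an unprivileged EUID because the target is the saved ID. */
static int regain(uid_t privileged) { return seteuid(privileged); }

/* Permanent drop (Linux semantics): setreuid() with a real ID supplied also
 * overwrites the saved ID; setresuid(r, r, r) is the explicit alternative. */
static int drop_permanently(uid_t privileged) {
    uid_t r = getuid();
    if (setreuid(r, r) != 0) return -1;
    if (getuid() != r || geteuid() != r) return -1;
    /* Verify: getting the privilege back must now fail. */
    if (privileged != r && seteuid(privileged) == 0) return -1;
    return 0;
}

static void show(const char *step) {
    printf("%-10s ruid=%u euid=%u suid=%u\n", step, (unsigned)getuid(),
           (unsigned)geteuid(), (unsigned)saved_uid());
}

int main(void) {
    uid_t privileged = geteuid();           /* file owner when run setuid */
    show("start");
    if (drop_temporarily() != 0) return 1;
    show("temp drop");                      /* euid == ruid, suid unchanged */
    if (regain(privileged) != 0) return 1;
    show("regained");
    if (drop_permanently(privileged) != 0) return 1;
    show("permanent");                      /* all three equal ruid */
    return 0;
}
```

In a real setuid program, drop the supplementary groups and group IDs before the user IDs, because changing groups needs the privilege that is about to be given up.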