
What's the purpose of each of the different UIDs a process can have?

Real UID, effective UID, and some systems even have a "saved UID". What's the purpose of all these, especially the last one?

raldi asked Oct 15 '08 15:10


People also ask

What is the purpose of a process's effective UID?

Effective UID: This UID is used to evaluate privileges of the process to perform a particular action. EUID can be changed either to RUID, or SUID if EUID != 0. If EUID=0, it can be changed to anything.

What is the use of UID and GID in Linux?

Unix-like operating systems identify a user by a value called a user identifier, often abbreviated to user ID or UID. The UID, along with the group identifier (GID) and other access control criteria, is used to determine which system resources a user can access. The password file maps textual user names to UIDs.

What is the difference between a real UID and an effective UID?

So, the real user id is who you really are (the one who owns the process), and the effective user id is what the operating system looks at to make a decision whether or not you are allowed to do something (most of the time, there are some exceptions).

What is the UID and GID of a root user?

The root account has the awesome privilege of having UID = 0 and GID = 0. These numbers are what give the root account its overwhelming power.


2 Answers

The real uid is the id of the user that launched a process.

The effective uid typically is the same as the real uid. It is different only if:

  • the executable had the set-uid bit set, and the executable owner is different than the user calling it

  • or if a set-uid process calls setuid(2). If the process has superuser privileges, any argument to setuid(2) is allowed (but then all *-uids get set to the same value); otherwise, setuid(2) can be called with the real-uid or the effective-uid or the saved-uid.

The saved-uid is the effective-uid the process had when it started, and it's saved in order to be allowed as an argument to the various set*uid system calls.

Note that a process with superuser privilege calling setuid(2) to change its effective uid will also have the real uid and saved uid changed to the same value, so the non-POSIX seteuid(2) should be used instead.

All of the above apply to (real|effective|saved) group ids too.

tzot answered Oct 18 '22 11:10


Each UNIX process has 3 UIDs associated with it. Superuser privilege is UID=0.

Real UID

This is the UID of the user/process that created THIS process. It can be changed only if the running process has EUID=0.

Effective UID

This UID is used to evaluate privileges of the process to perform a particular action. EUID can be changed either to RUID, or SUID if EUID!=0. If EUID=0, it can be changed to anything.

Saved UID

If you run an executable with the set-UID bit set, then the resulting running process will start off with a real UID of the real user running it, and an effective and saved UID of the owner of the executable file. If the process then calls setuid() or seteuid() to change their effective UID, they can still get back their original privileges again thanks to the saved UID. If the set-UID bit is not set, SUID will be the RUID.

Barth answered Oct 18 '22 09:10
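The transition rules from both answers, as an added example that is not part of either answer: a small C model (not kernel code) showing that `seteuid()` drops privilege reversibly, that `setuid()` called with EUID 0 drops it for good, and that `setuid()` in a set-UID program owned by a non-root user leaves the saved UID in place. The `model_*` names and the UIDs 1000 and 33 are constructed for illustration, and `model_exec` assumes the caller's real and effective UIDs were equal.

```c
#include <stdio.h>

/* Simplified model of the rules in the answers above; not kernel code. */
struct creds { unsigned ruid, euid, suid; };

/* exec: the real UID stays the caller's; a set-UID file sets the effective
   UID to its owner; the saved UID is a copy of the effective UID at start. */
struct creds model_exec(unsigned caller, unsigned owner, int setuid_bit) {
    struct creds c = { caller, setuid_bit ? owner : caller, 0 };
    c.suid = c.euid;
    return c;
}

/* setuid(2): with EUID 0 all three IDs change; otherwise only the effective
   UID changes, and only to the real, effective or saved UID. */
int model_setuid(struct creds *c, unsigned uid) {
    if (c->euid == 0) { c->ruid = c->euid = c->suid = uid; return 0; }
    if (uid != c->ruid && uid != c->euid && uid != c->suid) return -1;
    c->euid = uid;
    return 0;
}

/* seteuid(2): changes the effective UID only, under the same permission rule. */
int model_seteuid(struct creds *c, unsigned uid) {
    if (c->euid != 0 && uid != c->ruid && uid != c->euid && uid != c->suid)
        return -1;
    c->euid = uid;
    return 0;
}

/* Apply one call, then print the result and the three IDs. */
static int step(const char *what, int (*call)(struct creds *, unsigned),
                struct creds *c, unsigned uid) {
    int rc = call(c, uid);
    printf("%-32s rc=%2d ruid=%u euid=%u suid=%u\n", what, rc, c->ruid, c->euid, c->suid);
    return rc;
}

int main(void) {
    struct creds a = model_exec(1000, 0, 1);   /* set-UID root binary, run by 1000 */
    step("root: seteuid(1000) drops", model_seteuid, &a, 1000);
    step("root: seteuid(0) regains", model_seteuid, &a, 0);
    step("root: setuid(1000) is permanent", model_setuid, &a, 1000);
    step("root: seteuid(0) now refused", model_seteuid, &a, 0);
    struct creds b = model_exec(1000, 33, 1);  /* set-UID binary owned by uid 33 */
    step("uid 33: setuid(1000)", model_setuid, &b, 1000);
    step("uid 33: seteuid(33) still works", model_seteuid, &b, 33);
    return 0;
}
```

On a real Linux system the same three values can be read with `getresuid(2)` to confirm that a privilege drop cleared the saved UID.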