UID and EUID: real and effective user ID

A process's UID is the user identification number of the person who created it, or more accurately, it is a copy of the UID value of the parent process. Usually, only the creator (aka, the owner) and the superuser can manipulate a process.

The EUID is the "effective" user ID, an extra UID that determines what resources and files a process has permission to access at any given moment. For most processes, the UID and EUID are the same, the usual exception being programs that are setuid.

Why have both a UID and an EUID? Simply because it's useful to maintain a distinction between identity and permission, and because a setuid program might not wish to operate with expanded permissions all the time. On most systems, the effective UID can be set and reset to enable or restrict the additional permissions it grants.

Most systems also keep track of a "saved UID," which is a copy of the process's EUID at the point at which the process first begins to execute. Unless the process takes steps to obliterate this saved UID, it remains available for use as the real or effective UID. A conservatively written setuid program can therefore renounce its special privileges for the majority of its execution and access them only at the points where extra privileges are needed.

Linux also defines a nonstandard FSUID process parameter that controls the determination of filesystem permissions. It is infrequently used outside the kernel and is not portable to other UNIX systems.
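
The privilege bracketing described above, as an added example that is not from the book: a setuid program renounces its EUID, regains it through the saved UID, then obliterates the saved UID and checks that the way back is closed. It assumes Linux (it reads /proc/self/status and relies on Linux setreuid() behaviour), and the function names are hypothetical.

```c
/* Added example, not from the book. Linux-specific; names are illustrative. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
struct ids { unsigned real, eff, saved, fs; };

/* The "Uid:" line of /proc/self/status lists the real, effective, saved
 * and filesystem UIDs, in that order. Returns 0 on success. */
int read_ids(struct ids *o) {
    char line[256];
    int found = -1;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    while (found != 0 && fgets(line, sizeof line, f))
        if (sscanf(line, "Uid: %u %u %u %u", &o->real, &o->eff, &o->saved, &o->fs) == 4)
            found = 0;
    fclose(f);
    return found;
}

/* Renounce privileges for now; the saved UID keeps the privileged value. */
int drop_temporarily(void) { return seteuid(getuid()); }

/* Regain them: a non-root process may do so only while `privileged` is still its real or saved UID. */
int regain(uid_t privileged) { return seteuid(privileged); }

/* Obliterate the saved UID: on Linux, setreuid() with a real-UID argument also
 * resets the saved UID. A caller that gets -1 should abort, not continue. */
int drop_permanently(uid_t privileged) {
    uid_t ruid = getuid();
    if (setreuid(ruid, ruid) != 0) return -1;
    if (privileged != ruid && seteuid(privileged) == 0) return -1; /* still recoverable */
    return geteuid() == ruid ? 0 : -1;
}

static void show(const char *phase) {
    struct ids s;
    if (read_ids(&s) == 0)
        printf("%-8s real=%u eff=%u saved=%u fs=%u\n", phase, s.real, s.eff, s.saved, s.fs);
}

int main(void) {
    uid_t priv = geteuid();  /* the file owner when installed setuid */
    show("start");
    if (drop_temporarily() != 0) return 1;
    show("dropped");
    if (regain(priv) != 0 || drop_permanently(priv) != 0) return 1;
    show("final");
    return 0;
}
```

Run without the setuid bit, all four values are equal and every step succeeds as a no-op; the values diverge only when the binary is installed setuid and run by a different user.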