Introduction to Linux process programming (III)

Article title: Introduction to Linux process programming (3 ). Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
Abstract: This section describes some special operations on processes. With these operations, the process programming is improved and more practical programs can be compiled. The main content is to get various process IDs, set the user ID of the process, change the working directory of the process, change the root of the process, and change the priority value of the process.
　　
3. Special process operations
　　
The previous section describes some basic operations related to processes, such as process generation, process termination, process execution image change, and waiting for sub-process termination. This section describes some special operations related to processes. With these operations, the process programming is improved and more practical programs can be compiled.
　　
The main content is to get various process IDs, set the user ID of the process, change the working directory of the process, change the root of the process, and change the priority value of the process.
　　
3.1 obtain the process-related ID
　　
Process-related IDs include:
　　
Real user ID (UID): This ID is used to identify the user who runs the process.
Valid user ID (EUID ): the ID identifies the user identity used to assign ownership to the newly created process, check the file access permission, and check the permission to send soft interrupt signals to the process by calling kill.
Real User Group ID: ID of the group to which the user is responsible for identifying the running process.
Valid user group ID (EGID): used to identify the user group to which the current process belongs. It may be different from gid because the set-gid bit is set in the execution file.
Process ID (PID): used to identify a process.
Process group ID: A process can belong to a process group. It can send signals to a group of processes. Note that it is different from gid. When the preceding system calls the pid parameter specified in wait, the process Group concept is used.
If you want to obtain the user id of a process, call it with getuid. Geteuid is used to obtain the valid user ID of a process. The difference between a valid user ID and a real user ID is caused by setting the set-uid bit in the execution file. The two call formats are as follows:
　　
?? Uid_t getuid (void );
?? Uid_t geteuid (void );
　　
Add the following header files to programs that use these two calls:
　　
?? # Include
?? # Include
　　
To obtain the user group ID of the running process, call getgid to obtain the real user group ID, and use getegid to obtain a valid user group ID. The difference between gid and egid is caused by the set-gid bit in the execution file. The two call formats are as follows:
　　
?? Gid_t getgid (void );
?? Gid_t getegid (void );
　　
Add the following header files to programs that use these two calls:
　　
?? # Include
?? # Include
　　
To obtain the ID of a process, use getpid. to obtain the ID of the parent process of the process, use getppid. The two call formats are as follows:
　　
?? Pid_t getpid (void );
?? Pid_t getppid (void );
　　
Add the following header files to programs that use these two calls:
　　
?? # Include
　　
To obtain the ID of the group to which the process belongs, call getpgrp. to obtain the ID of the group to which the specified PID process belongs, call getpgid. The two call formats are as follows:
　　
?? Pid_t getpgrp (void );
?? Pid_t getpgid (pid_t pid );
　　
Add the following header files to programs that use these two calls:
　　
?? # Include
　　
Note the difference between gid and pgrp. Generally, the group ID of the user executing the process is the gid of the process. if the execution file sets the set_gid bit, the group ID of the file is the gid of the process. For the process Group ID, generally, if a process is executed in shell, the shell program assigns the PID of the process to the process Group ID, all child processes derived from this process have the process Group ID of the parent process, unless the parent process sets the group ID of the child process to the same as the PID of the child process. Since these calls are easy to use, we will not give an example here.
　　
3.2 setuid and setgid system call
　　
We have discussed how to get uid and gid. now let's take a look at how to set them. Before talking about these two calls, let's take a look at the effect of setting the set_uid bit for the file. We first compiled a small program for testing. This program prints the uid and euid of the process and opens a file named tty. c. If it cannot be opened, the error code is displayed. if it is opened, the opening is successful. Assume that the program name is uid_test.c:
　　
?? /* Uid_test.c */
?? # Include
?? # Include
?? # Include
?? # Include
?? # Include
?? # Include
?? Extern int errno;
　　
?? Int main ()
?? {
?? Int fd;
?? Printf ("This process's uid = % d, euid = % d", getuid (), geteuid ());
?? If (fd = open ("tty. c", O_RDONLY) =-1)
?? {
???? Printf ("Open error, errno is % d", errno );
???? Exit (1 );
??}
?? Else
?? {
???? Printf ("Open success ");
??}
??}
　　
The following lists the directories of these files. we can see that the access permission of the tty. c file is only accessible to the owner root.
　　
?? [Wap @ wapgw/tmp] $ ls-l
?? Total 3
?? -Rw ------- 1 root 0 May 31 16: 15 tty. c
?? -Rwxr-xr-x 1 root 14121 May 31 uid_test
?? -Rw-r -- 1 root 390 May 31 16:15 uid_test.c
?? [Wap @ wapgw/tmp] $
　　
The user wap (500) in the system executes the program as the root user:
　　
?? [Root @ wapgw/tmp] #./uid_test
?? This process's uid = 0, euid = 0
?? Open success
?? [Root @ wapgw/tmp] #
　　
Run the su command to go to the user wap and run the program.
　　
?? [Root @ wapgw/tmp] # su wap
?? [Wap @ wapgw/tmp] $./uid_test
?? This process's uid = 500, euid = 500
?? Open error, errno is 13
?? [Wap @ wapgw/tmp] $
　　
This is because the uid of the process is 500 (wap) and there is no access to the tty. c file, so an error occurs.
　　
Set the set-uid bit for the program file
　　
?? [Root @ wapgw/tmp] # chmod 4755 uid_test
　　
Go to the user wap and run the uid_test program.
　　
?? [Wap @ wapgw/tmp] $./uid_test
?? This process's uid = 500, euid = 0
?? Open success
?? [Wap @ wapgw/tmp] $
　　
We can see from the above that the euid printed by the process is 0 (root), and the user running the process is 500 (wap ). Because the euid of the process is root, the file tty. c is successfully opened.
　　
The example above illustrates two facts: first, the kernel checks the permission of the process access file by checking the valid user ID of the process; second, when executing a program that sets the set_uid bit, the kernel sets the valid user ID in the process entry and in the u area to the ID of the file owner. To distinguish the euid in the entry and the euid in the u area, we call the euid field in the entry as the saved user ID ).
　　
Let's take a look at the two calls. The declaration format of the call is as follows:
　　
?? Int setuid (uid_t uid );
?? Int setgid (gid_t gid );
　　
Add the following header file to the program using these two calls:
　　
?? # Include
　　
Call setuid to set the real and valid user IDs for the process currently calling. The uid parameter is a new user ID number (this ID number should exist in the/etc/passwd file ). If the valid user ID of the process sending the call is a superuser, the kernel sets the real user ID and valid user ID in the process and area u as the parameter uid. If the valid user ID of the called process is not a superuser, the kernel will execute the code according to the specified uid parameter, if the value of the specified parameter uid is the real user ID or the saved user ID, the kernel changes the valid user ID in the u area to the parameter uid. otherwise, an error is returned for this call. When the call is successful, the returned value is 0. When an error occurs,-1 is returned, and the error code errno is set. The following is a common error code:
　　
EPERM: the user is not a superuser, and the specified parameter uid does not match the real user ID of the called process or the saved user ID.
Call setgid to set the real and valid user group ID of the currently called process. This call allows the process to specify the user group ID of the process as the gid parameter. if the valid user ID of the process is not a superuser, the gid parameter must be equal to one of the real user group IDs and valid user group IDs. If the valid user ID of a process is a superuser, you can specify any existing user group ID (which exists in the/etc/group file ).
　　
Note: Be especially careful with the setuid program. when the euid of a process is a superuser, if the setuid of the process is sent to another user, the superuser's power cannot be obtained. We may use this call in this way. a program requires the root power to complete the work, but the subsequent work does not need the root power. therefore, we set the set_uid bit for the execution file of the program and make the owner of the execution file root. in this way, the process starts with the root permission, where the root permission is no longer needed, use setuid (getuid) to restore the uid and euid of a process. Pay attention to setting the set_uid bit for executable files, especially for those with the root owner. Because root in LINUX has any power. Improper use may cause great damage to system security.
　　
3.3 setpgrp and setpgid system call
　　
These two calls are used to set the process group ID. the declaration format is as follows:
　　
?? Int setpgrp (void );
?? Int setpgid (pid_t pid, pid_t pgid );
　　
Add the following header file to the program using these two calls:
　　
# Include
　　
Call setpgrp to set the process Group ID of the process that sends the call to be equal to the PID of the process. Note: all sub-processes derived from this process will have the ID of this process Group (unless you modify the ID of the sub-process group ).
　　
Call setpgid to set the process Group ID of the process whose process number is pid to the pgid parameter. If the pid is 0, modify the ID of the process group that calls the process. If the pgid parameter is 0, change the process whose process number is pid