Actual user ID and valid user ID of the Linux process

Transferred from: http://www.cnblogs.com/kunhu/p/3699883.html

Multiple user IDs and user group IDs are involved in the UNIX process, including the following:

1. Actual user ID and actual user group ID: identify who I am. That is, the UID and GID of the login user, such as my Linux with Simon Login, the actual user ID of all commands running on Linux is the UID of Simon, the actual user group ID is Simon's GID (can be viewed with the ID command).

2. Valid user ID and valid user group ID: processes are used to determine our access rights to resources. In general, a valid user ID equals the actual user ID, and the valid user group ID equals the actual user group ID. When set-user-id (SUID) bit is set, the valid user ID equals the UID of the owner of the file, not the actual user ID; Similarly, if the set-user group-id (SGID) bit is set, the valid user group ID equals the GID of the file owner, not the actual user group ID.

From: Apue (advanced UNIX Environment programming)

The UNIX system determines the process's access to system resources through the process's valid user ID and valid user group ID.

These concepts are still a comparison of the abstract, then write a small test program:

This program is very simple and there is nothing to say. We compile this program to generate the test program

The ID command sees the currently logged on user as root,uid=0,gid=0. With the LS command we can see that the test program is not set SUID and Sgid, the owner is root, and all the groups are root. Execute test we found that the valid user ID equals the actual user ID (0), the valid user group ID equals the actual user group ID (0).

You may notice the owner root of test, the group is also root, and the actual user, the actual user group is the same. Next we modify the test owner and the group, and look at the results.

As shown above, the valid user ID of the test process equals the actual user ID (0), and the valid user group ID equals the actual user group ID (0).

Next we set the test program to SUID

After discovering that the suid bit of the test program is set, the valid user ID of the test process equals the UID of the file owner (the UID of GKH is 500), and the valid user group ID is equal to the actual user group ID (0). This allows the program to access resources that only GKH can access.

Actual user ID and valid user ID of the Linux process