Actual user ID in Unix/linux, valid user ID and save settings User ID

Real User id: Actual username, refers to who the process performer is

Effective User ID: Valid user ID, which is the access to the file when the process executes

Saved Set-user-id: Save the Set User ID as a copy of the effective user ID, which restores the original Effectiv user ID when the exec call is performed.

The above three IDs are relative to the process.

Set-user-id: Sets the user ID, which is relative to the file. An executable program with a set-user-id bit is set, and when executed, the effective user ID and saved Set-uesr-id of the process are the IDs of the users to which the program files belong. Some times the real user ID and the effective user ID are not necessarily equal. Such programs are called SUID procedures, which have special uses. Typical examples: passwd programs, ping programs, etc.

The passwd program is to modify the user's password, either by modifying the/etc/passwd or modifying the/etc/shadow file (when necessary), whereas the general user does not have permission to modify the two files. The passwd program has the Set-user-id bit set, And all of the files are root, so the general user, when executed, also has the root permission.

The same is true for pinging, because the ping program produces the original socket (raw), so it requires root permissions. However, the average user is able to ping the program because all of the ping programs are root and it has a set-user-id bit set.

To set the Set-user-id bit for an executable program:

pds@fssr:~> su Root

Password:

FSSR:/HOME/PDS # chown Root suid

FSSR:/HOME/PDS # ll Suid

-rwxr-xr-x 1 root users 7702 2008-08-10 11:28 suid

FSSR:/HOME/PDS # chmod U+s suid

FSSR:/HOME/PDS # ll Suid

-rwsr-xr-x 1 root users 7702 2008-08-10 11:28 suid

FSSR:/HOME/PDS # Exit

Exit

In contrast, there is no executable program that sets the Set-user-id bit, called a suid program, when the program executes, the real user ID is equal to the effective user ID.

Setuid can modify the three values of the real user id,effective user ID and saved Set-user-id, but use permissions.

This is the function prototype:

int setuid (uid_t uid)

1. If the user (the user currently calling) has Superuser privileges, the real user id,effective user ID and saved Set-user-id are set to the value of the parameter UID.

2. If the user does not have superuser privileges, only if the parameter UID equals the real user ID or saved Set-user-id, the effective user ID is set to the value of the parameter UID, and the real user ID and saved set-user-id are unchanged; Otherwise, an error is returned.

This is a summary of your own understanding ^_^