Actual user ID, valid user ID, and set user ID


Excerpted from http://blog.csdn.net/guosha/article/details/2679334

Actual user ID, valid user ID, and set user ID

Reading UNIX-related books, one keeps running into these concepts, but I had never properly sorted them out, so my understanding of them stayed hazy. Today I set out to distinguish them clearly and summarize the result below. Put plainly, these UIDs exist for the system's permission management.

Below, ruid, euid and suid stand for the real user ID, the effective user ID and the set-user-ID. A user ID is really an integer, but for readability the examples use user names to stand for the different UIDs. Here is how these IDs work:

ruid identifies who the user is within the system. Once a user logs in successfully with a user name and password, the UNIX system has uniquely determined that user's ruid.

euid is what the system uses to decide the user's access to system resources; it normally equals the ruid.

suid exists to hand out permissions beyond the user's own. Unlike ruid and euid, which are bound to a user, it is bound to a file rather than to a user.

Many books explain suid with only a brief mention of the passwd program; the following example analyzes it. We know that on a Linux system the passwords are stored in the /etc/shadow file. This file is so important that it is a good idea to back it up before making any changes. The attributes of /etc/shadow look like this:

[root@<host> ~]# ll /etc/shadow
-r-------- 1 root root 1144 Jul 22:33 /etc/shadow

As can be seen, /etc/shadow is owned by user root and group root, and only a process whose euid is root has read permission; every other euid has no permission at all. If you try to open the file with vim from a shell running as the user steve (euid steve), permission is denied. As for why even root has only read permission, I guess it is to discourage root from editing the file directly with a vim-style editor and to steer it toward the passwd command instead. If you do want to edit it directly, you can first use chmod to give root write permission, and then modify it.

Anyone who has used a Unix system knows that any user can set their own password with the passwd command. But we have just seen that a non-root user cannot even read the file, so how does an ordinary user modify it? The passwd command actually executes the program /usr/bin/passwd; its attributes look like this:

-r-s--x--x 1 root root 21944 Feb 2006 /usr/bin/passwd

The s in the owner's execute position is the familiar suid bit, and you can see that all users may execute this program. When the user steve runs the passwd command, the shell forks a child process whose euid is still steve, and that child then execs /usr/bin/passwd. Because the suid bit of /usr/bin/passwd is set, exec sets the process's euid to root; the process now runs as root and gains read and write access to /etc/shadow, so the user can complete the password change. When the passwd process exits, the elevated euid goes with it and steve's shell still runs with euid steve, so steve never keeps root privileges.

We can test this by removing the suid bit of /usr/bin/passwd as root:

[root@<host> ~]# ll /usr/bin/passwd
-r-s--x--x 1 root root 21944 Feb 2006 /usr/bin/passwd
[root@<host> ~]# chmod u-s /usr/bin/passwd
[root@<host> ~]# ll /usr/bin/passwd
-r-x--x--x 1 root root 21944 Feb 2006 /usr/bin/passwd

After that, when the user steve runs passwd to update the password, the following error appears:

[steve@<host> ~]$ passwd
Changing password for user steve.
Changing password for steve
(current) UNIX password:
passwd: Authentication token manipulation error
[steve@<host> ~]$

This is because once the suid bit of /usr/bin/passwd is removed, the user steve can still execute the program, but since the bit is no longer set, the euid of the process after exec is still steve.

Some may notice that the root user can still change passwords with the command. That is because root's own euid is root (it is also possible that when the ruid is root the euid is simply not checked and the read and write go straight through; root is the boss), so it can read the password file.

Some may also notice that the suid bit can be set on an ordinary text file as well, but that is meaningless: a data file is never executed, so there is no point at which a seteuid() system call could change the euid of the user working with it.

Finally, the rules described here for user IDs apply equally to group IDs.
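The following C program is an added illustration, not code from the original article: it models the two decisions the article walks through (the read check on /etc/shadow against the process's euid, and the euid a process gets after exec depending on the suid bit) and replays the passwd experiment with and without the bit. The uid values for root (0) and steve (1000) are constructed, and the permission model is simplified to the user and other classes.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed ids for the walkthrough: root is 0, "steve" is an ordinary user. */
#define UID_ROOT  0
#define UID_STEVE 1000

/* Read check on a regular file, simplified to the user and other classes:
 * the kernel compares the process's *effective* uid with the file's owner,
 * and euid 0 bypasses the mode bits altogether. */
int can_read(uid_t euid, uid_t owner, mode_t mode) {
    if (euid == UID_ROOT) return 1;
    if (euid == owner) return (mode & S_IRUSR) != 0;
    return (mode & S_IROTH) != 0;
}

/* Effective uid a process ends up with after exec()ing a file. The setuid
 * bit only matters if exec succeeds, i.e. the caller may execute the file;
 * a non-executable file with the bit set changes nobody's euid (returns -1,
 * meaning exec fails). Root may exec anything with at least one x bit. */
int euid_after_exec(uid_t euid, uid_t owner, mode_t mode) {
    int exec_ok;
    if (euid == UID_ROOT)   exec_ok = (mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0;
    else if (euid == owner) exec_ok = (mode & S_IXUSR) != 0;
    else                    exec_ok = (mode & S_IXOTH) != 0;
    if (!exec_ok) return -1;
    return (mode & S_ISUID) ? (int)owner : (int)euid;
}

/* Replays the article's experiment: steve runs a root-owned passwd binary
 * with the given mode and then tries to read /etc/shadow (-r-------- root). */
int steve_reads_shadow_via(mode_t passwd_mode) {
    int euid = euid_after_exec(UID_STEVE, UID_ROOT, passwd_mode);
    if (euid < 0) return 0;
    return can_read((uid_t)euid, UID_ROOT, S_IRUSR);
}

int main(void) {
    const mode_t with_suid = S_ISUID | S_IRUSR | S_IXUSR | S_IXGRP | S_IXOTH; /* -r-s--x--x */
    const mode_t no_suid   = S_IRUSR | S_IXUSR | S_IXGRP | S_IXOTH;           /* -r-x--x--x */
    printf("this process: ruid=%u euid=%u\n", (unsigned)getuid(), (unsigned)geteuid());
    printf("steve reads /etc/shadow directly:  %d\n", can_read(UID_STEVE, UID_ROOT, S_IRUSR));
    printf("steve via passwd (suid set):       %d\n", steve_reads_shadow_via(with_suid));
    printf("steve via passwd after chmod u-s:  %d\n", steve_reads_shadow_via(no_suid));
    return 0;
}
```

Running it as an ordinary user prints equal ruid and euid for the process itself, a denied direct read, an allowed read through the suid passwd, and a denied read once the bit is stripped, matching the article's terminal sessions.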

