[APUE] Process Control (Part 2)
I. Changing the user ID and group ID
You can use the setuid function to set the real user ID and effective user ID. You can use the setgid function to set the real group ID and effective group ID.
#include <sys/types.h>
#include <unistd.h>
int setuid(uid_t uid);
int setgid(gid_t gid);
Return value: 0 on success, -1 on error
Rules for changing user IDs:
- If the process has root privilege, the setuid function sets the real user ID, effective user ID, and saved set-user-ID to uid.
- If the process does not have root privilege, but uid equals either the real user ID or the saved set-user-ID, setuid sets only the effective user ID to uid. The real user ID and saved set-user-ID are not changed.
- If neither of the preceding conditions is met, errno is set to EPERM and an error is returned.
This assumes that _POSIX_SAVED_IDS is true. If this feature is not provided, the statements above about the saved set-user-ID do not apply.
Note the following about the three user IDs maintained by the kernel:
- Only a root process can change the real user ID. Generally, the real user ID is set by the login program when the user logs in and never changes afterwards. Because login is a root process, when it calls setuid, it sets all three user IDs.
- The exec functions set the effective user ID only if the set-user-ID bit is set for the program file. You can call setuid at any time to set the effective user ID to either the real user ID or the saved set-user-ID. Naturally, the effective user ID cannot be set to an arbitrary value.
- The saved set-user-ID is copied by exec from the effective user ID. The copy is made and saved after exec has set the effective user ID from the user ID of the file.
The following table lists the methods for changing these three user IDs.
1. setreuid and setregid Functions
4.3+BSD supports the setreuid function (and setregid for group IDs), which is used to exchange the values of the real user ID and effective user ID.
#include <sys/types.h>
#include <unistd.h>
int setreuid(uid_t ruid, uid_t euid);
int setregid(gid_t rgid, gid_t egid);
An unprivileged user can always swap the real user ID and the effective user ID. This lets a set-user-ID program switch to the user's normal permissions and later swap back to the set-user-ID to regain its additional permissions.
2. seteuid and setegid Functions
These two functions change only the effective user ID and effective group ID.
#include <sys/types.h>
#include <unistd.h>
int seteuid(uid_t uid);
int setegid(gid_t gid);
Return value: 0 on success, -1 on error
An unprivileged user can set the effective user ID to either the real user ID or the saved set-user-ID. A privileged user can set the effective user ID to uid.
3. Group ID
Everything described above applies to the group IDs in a similar way. The supplementary group IDs are not affected by the setgid function.
II. Interpreter files
An interpreter file is what Linux users know as a shell script. It is a text file whose first line has the form:
#! pathname [optional-argument]
The space between the exclamation point and the pathname is optional. The most common interpreter files start with the following line:
#! /bin/sh
pathname is usually an absolute pathname; it gets no special processing (no PATH search is performed).
Many systems impose a maximum length (32 characters) on the first line of an interpreter file. This limit counts the #!, the pathname, the optional argument, and any spaces.
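The first-line format described above, as a small parser (an added example, not code from the original page). The function name parse_shebang and the SHEBANG_MAX constant are hypothetical; rejecting relative pathnames and treating everything after the pathname as a single argument are assumptions of this sketch.

```c
#include <string.h>

#define SHEBANG_MAX 32   /* first-line limit quoted in the text; real systems vary */

/* Parse "#! pathname [optional-argument]" from the start of a file.
 * Returns 0 on success, -1 if the line is not a usable interpreter line.
 * path and arg must each hold SHEBANG_MAX bytes; arg is "" when absent. */
int parse_shebang(const char *line, char *path, char *arg)
{
    size_t len = strcspn(line, "\n");            /* only the first line counts */
    if (len < 3 || len > SHEBANG_MAX || line[0] != '#' || line[1] != '!')
        return -1;

    const char *p = line + 2, *end = line + len;
    while (p < end && (*p == ' ' || *p == '\t'))  /* optional spaces after #! */
        p++;

    const char *q = p;
    while (q < end && *q != ' ' && *q != '\t')    /* pathname runs to whitespace */
        q++;
    if (q == p || *p != '/')      /* no PATH search happens, so require absolute */
        return -1;
    memcpy(path, p, (size_t)(q - p));
    path[q - p] = '\0';

    while (q < end && (*q == ' ' || *q == '\t'))  /* gap before the argument */
        q++;
    while (end > q && (end[-1] == ' ' || end[-1] == '\t'))  /* trim the tail */
        end--;
    memcpy(arg, q, (size_t)(end - q));   /* the rest is ONE argument (assumption) */
    arg[end - q] = '\0';
    return 0;
}
```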
III. The system function
ANSI C defines the system function:
#include <stdlib.h>
int system(const char *cmdstring);
If cmdstring is a null pointer, system returns a non-zero value only if a command processor is available. This feature can be used to determine whether the system function is supported on a given operating system.
system calls fork, exec, and waitpid in its implementation, so there are three kinds of return value:
(1) If fork fails or waitpid returns an error other than EINTR, system returns -1 with errno set to indicate the error.
(2) If exec fails (the shell cannot be executed), the return value is the same as if the shell had executed exit(127).
(3) If all three functions succeed, the return value of system is the termination status of the shell.
If a process is running with special permissions (set-user-ID or set-group-ID) and wants to spawn another process to execute another program, it should use fork and exec directly, and switch back to normal permissions after the fork and before the exec. Set-user-ID and set-group-ID programs should never call the system function.
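The fork / drop privileges / exec sequence recommended above, using the setuid and setgid rules from section I, as an added example (not code from the original page). The helper name run_as_real_user, the exit code 126 and the minimal environment are assumptions of this sketch.

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <errno.h>
#include <unistd.h>

/* Run path/argv as the invoking (real) user instead of calling system().
 * Returns the child's exit status, 127 if exec failed, 126 if the privilege
 * drop failed, -1 on fork/waitpid error or abnormal termination.
 * run_as_real_user is a hypothetical helper name. */
int run_as_real_user(const char *path, char *const argv[])
{
    /* Constructed minimal environment (an added precaution, not from the page). */
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {                        /* child: after fork, before exec */
        /* Group first: once the effective UID is no longer root,
         * setgid() may no longer be permitted. */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
            _exit(126);
        /* Verify the drop instead of trusting the return values alone. */
        if (geteuid() != getuid() || getegid() != getgid())
            _exit(126);
        /* exec copies the effective UID into the saved set-user-ID, so the
         * new program has no privileged ID left to switch back to. */
        execve(path, argv, clean_env);
        _exit(127);                        /* same code the shell would use */
    }

    int status;
    while (waitpid(pid, &status, 0) < 0)   /* retry only when interrupted */
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The supplementary group IDs are untouched by setgid, so a program started by root would also have to reset them before the exec.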
IV. Process times
Any process can call the times function to obtain the wall clock time, user CPU time, and system CPU time for itself and its child processes.
#include <sys/times.h>
clock_t times(struct tms *buf);
Return value: elapsed wall clock time on success, -1 on error
This function fills in the tms structure pointed to by buf. The structure is defined as follows:
struct tms {
    clock_t tms_utime;   /* user CPU time */
    clock_t tms_stime;   /* system CPU time */
    clock_t tms_cutime;  /* user CPU time of terminated child processes */
    clock_t tms_cstime;  /* system CPU time of terminated child processes */
};
This structure does not contain the wall clock time. Instead, the times function returns the wall clock time as the function value. It is measured from some point in the past, so use relative values rather than the absolute value. For example, call times and save the returned value. Call times again at a later time and subtract the previously returned value from the new one. The difference is the elapsed wall clock time.
All clock_t values returned by this function are converted to seconds using _SC_CLK_TCK (the number of clock ticks per second, returned by the sysconf function).
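The two-call pattern described above, converted to seconds with sysconf(_SC_CLK_TCK), as an added example (not code from the original page). The names time_call, struct elapsed and the busy workload are hypothetical.

```c
#include <sys/times.h>
#include <unistd.h>

struct elapsed { double wall, user, sys; };   /* all in seconds */

/* Time one call of fn() from the difference of two times() calls.
 * Returns 0 on success, -1 if times() or sysconf() fails. */
int time_call(void (*fn)(void), struct elapsed *out)
{
    struct tms t0, t1;
    long tck = sysconf(_SC_CLK_TCK);          /* clock ticks per second */
    if (tck <= 0)
        return -1;

    clock_t w0 = times(&t0);
    if (w0 == (clock_t)-1)
        return -1;
    fn();
    clock_t w1 = times(&t1);
    if (w1 == (clock_t)-1)
        return -1;

    /* Only differences are meaningful; the absolute values are not. */
    out->wall = (double)(w1 - w0) / tck;
    out->user = (double)(t1.tms_utime - t0.tms_utime) / tck;
    out->sys  = (double)(t1.tms_stime - t0.tms_stime) / tck;
    return 0;
}

/* Constructed sample workload: burns some user CPU time. */
static void busy(void)
{
    volatile unsigned long x = 0;
    for (unsigned long i = 0; i < 50000000UL; i++)
        x += i;
}
```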