Actual user ID and valid user ID of the Linux process

Source: Internet
Author: User

Transferred from: http://www.cnblogs.com/kunhu/p/3699883.html

Multiple user IDs and user group IDs are involved in the UNIX process, including the following:

1. Actual user ID and actual user group ID: identify who I am. That is, the UID and GID of the login user, such as my Linux with Simon Login, the actual user ID of all commands running on Linux is the UID of Simon, the actual user group ID is Simon's GID (can be viewed with the ID command).

2. Valid user ID and valid user group ID: processes are used to determine our access rights to resources. In general, a valid user ID equals the actual user ID, and the valid user group ID equals the actual user group ID. When set-user-id (SUID) bit is set, the valid user ID equals the UID of the owner of the file, not the actual user ID; Similarly, if the set-user group-id (SGID) bit is set, the valid user group ID equals the GID of the file owner, not the actual user group ID.

From: Apue (advanced UNIX Environment programming)

The UNIX system determines the process's access to system resources through the process's valid user ID and valid user group ID.

These concepts are still a comparison of the abstract, then write a small test program:

This program is very simple and there is nothing to say. We compile this program to generate the test program

The ID command sees the currently logged on user as root,uid=0,gid=0. With the LS command we can see that the test program is not set SUID and Sgid, the owner is root, and all the groups are root. Execute test we found that the valid user ID equals the actual user ID (0), the valid user group ID equals the actual user group ID (0).

You may notice the owner root of test, the group is also root, and the actual user, the actual user group is the same. Next we modify the test owner and the group, and look at the results.

As shown above, the valid user ID of the test process equals the actual user ID (0), and the valid user group ID equals the actual user group ID (0).

Next we set the test program to SUID

After discovering that the suid bit of the test program is set, the valid user ID of the test process equals the UID of the file owner (the UID of GKH is 500), and the valid user group ID is equal to the actual user group ID (0). This allows the program to access resources that only GKH can access.

Actual user ID and valid user ID of the Linux process

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.