Linux Process Permissions Analysis
Most people deal with file permissions on Linux all the time and understand them well, but process permissions are far less widely understood. This article summarizes how process permissions behave on a Linux system and what can be observed.
It should be stressed that the discussion is specific to Linux: Linux differs from Unix in many places, and the various Unix systems also differ among themselves.
Let's get straight to the point. The objects of discussion are the four user IDs a process carries: ruid (real user ID), euid (effective user ID), suid (saved user ID) and fuid (file system user ID, also written fsuid).
Beyond these four, the set-user-ID bit is also involved: the s that appears in place of x in the rwx permission string.
The same rules apply to the group IDs (rgid, egid, sgid, fgid), so this article discusses only the user IDs and does not repeat the discussion for groups.
There are two ways to look at these IDs. The ps command lists them:

    ps -ax -o ruid -o euid -o suid -o fuid -o pid -o fname

and the process's status file gives the same four values, in the same order (real, effective, saved, file system), on its Uid line:

    grep Uid /proc/<pid>/status
Five test users, test1 to test5, were created for the examples in this article; they represent ordinary unprivileged users. In the outputs below, test1 is uid 502 and test2 is uid 503.
One: the file owner and the user running the program are the same user

    #include <unistd.h>

    int main(int argc, char *argv[])
    {
        while (1) sleep(1);
    }

    $> g++ main.cpp -o a.out
    $> ll
    -rwxr-xr-x. 1 test1 test 6780 Sep 15:32 a.out

The file owner is test1, and we run a.out as test1:

    $> su test1
    $> ./a.out &
    $> ps -ax -o ruid -o euid -o suid -o fuid -o pid -o fname | grep a.out
    502 502 502 502 3192 a.out

All four UIDs are test1 (502). Now run test1's program as test2 and look at the result:

    $> su test2
    503 503 503 503 3234 a.out

And then as root:

    0 0 0 0 3257 a.out

From these results we can already conclude: in the ordinary case the four IDs are determined only by the user who executes the program and are not affected by the owner of the file, and all four equal the executing user's ID.
Two: handing privileges to another user. Only root can do this; a non-root user cannot hand its privileges to a different user.

    #include <stdio.h>
    #include <unistd.h>

    int main(int argc, char *argv[])
    {
        if (setuid(503) < 0) perror("setuid error");
        while (1) sleep(1);
    }

    $> ll
    -rwxr-xr-x. 1 test1 test 6780 Sep 15:32 a.out

Run it as root:

    $> ./a.out &

and check the status: all four UIDs have become test2 (503).

    503 503 503 503 3592 a.out

Change setuid in the code to seteuid, and only the euid and fuid become test2:

    0 503 0 503 3614 a.out

Change it to setfsuid (declared in sys/fsuid.h), and only the fuid becomes test2:

    0 0 0 503 3636 a.out

Now change the code to

    if (seteuid(503) < 0) perror("seteuid error");
    if (setfsuid(504) < 0) perror("setfsuid error");
    while (1) sleep(1);

or to

    if (setfsuid(504) < 0) perror("setfsuid error");
    if (seteuid(503) < 0) perror("seteuid error");
    while (1) sleep(1);

Running either version as root gives the same result:

    0 503 0 503 3614 a.out

Here I would like to sum up:
1. setuid and seteuid are different. setuid permanently gives up root privileges and hands them to the non-root user; they cannot be restored to root afterwards. seteuid only temporarily drops root privileges, and seteuid(0) restores them. This is well-known behaviour, and this article does not demonstrate it.
2. seteuid also changes the fuid: both euid and fuid are set to the value passed to seteuid.
3. root can change the process's user IDs by calling the setxxuid functions; a non-root user cannot change them to hand privileges to another user.
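As an added example (not code from the original article), here is a small C program that reproduces the three observations above from one binary: it forks a child, calls setuid, seteuid or setfsuid there with uid 503 (test2 in the article's setup, an assumed value), and reads the child's four IDs back from its /proc/self/status Uid line. The IDs only change when it is run as root; unprivileged, it shows them unchanged.

```c
#define _DEFAULT_SOURCE 1
#include <stdio.h>
#include <unistd.h>
#include <sys/wait.h>
#include <sys/fsuid.h>

struct uids { uid_t ruid, euid, suid, fsuid; };   /* the article's four IDs */

/* Read the Uid: line of /proc/self/status (real, effective, saved, fs UID). */
struct uids uid_snapshot(void)
{
    struct uids u = {0, 0, 0, 0};
    char line[256];
    FILE *fp = fopen("/proc/self/status", "r");
    if (!fp) return u;
    while (fgets(line, sizeof line, fp))
        if (sscanf(line, "Uid: %u %u %u %u", &u.ruid, &u.euid, &u.suid, &u.fsuid) == 4) break;
    fclose(fp);
    return u;
}

/* Fork a child, call fn(target) there (setuid, seteuid and setfsuid all take one
 * uid_t), and pass the child's resulting IDs back through a pipe. Without
 * CAP_SETUID, setuid/seteuid fail with EPERM and setfsuid is silently ignored,
 * so the IDs come back unchanged; as root the three calls give the article's
 * three patterns. ruid is set to (uid_t)-1 if the child sent nothing back. */
struct uids try_in_child(int (*fn)(uid_t), uid_t target)
{
    int fd[2]; struct uids u = {0, 0, 0, 0};
    if (pipe(fd) < 0) return u;
    pid_t pid = fork();
    if (pid == 0) {
        if (fn(target) < 0) perror("setuid/seteuid");   /* setfsuid never reports */
        u = uid_snapshot();
        _exit(write(fd[1], &u, sizeof u) == (ssize_t)sizeof u ? 0 : 1);
    }
    close(fd[1]);
    if (read(fd[0], &u, sizeof u) != (ssize_t)sizeof u) u.ruid = (uid_t)-1;
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return u;
}

int main(void)
{
    struct uids a = try_in_child(setuid, 503);    /* 503 is test2 in the article */
    struct uids b = try_in_child(seteuid, 503);
    struct uids c = try_in_child(setfsuid, 503);
    printf("setuid   -> %u %u %u %u\n", a.ruid, a.euid, a.suid, a.fsuid);
    printf("seteuid  -> %u %u %u %u\n", b.ruid, b.euid, b.suid, b.fsuid);
    printf("setfsuid -> %u %u %u %u\n", c.ruid, c.euid, c.suid, c.fsuid);
    return 0;
}
```

Run as root it prints the same three rows as the article (503 503 503 503, 0 503 0 503, 0 0 0 503); the same program run as a test user prints that user's ID in every column.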
Keep looking: the influence of the s permission bit on process permissions.

Three: the s bit affects the euid, suid and fuid.

    #include <unistd.h>

    int main(int argc, char *argv[])
    {
        while (1) sleep(1);
    }

    $> g++ main.cpp
    $> ll
    -rwxr-xr-x. 1 test1 test 6780 Sep 18:18 a.out
    $> chmod u+s a.out
    $> ll
    -rwsr-xr-x. 1 test1 test 6780 Sep 18:18 a.out

Run it as root and view the user IDs:

    0 502 502 502 4133

The ruid stays root (0), while euid, suid and fuid become the file owner, test1 (502). The classic example of the s permission bit is the passwd command.

Now let's look at their effect on file permissions: build a process whose ruid, euid and fuid all differ, and see which of them becomes the owner of a file it creates.

Four: file permission checks use the fuid, not the euid. The fsuid is specific to Linux; Unix systems rely on the euid to determine a user's rights.
    #include <stdio.h>
    #include <unistd.h>
    #include <sys/fsuid.h>

    int main(int argc, char *argv[])
    {
        if (setfsuid(503) < 0) perror("setfsuid error");
        FILE *fp = fopen("Test.log", "a+");
        if (fp == NULL)
        {
            perror("fopen error");
        }
        else
        {
            fclose(fp);
        }
        while (1) sleep(1);
    }
Using the s permission bit, the file owner is root and the executor is test1, while setfsuid changes the fuid to test2, so the three IDs are all different and easy to tell apart:

    $> ll
    -rws---r-x. 1 root root 7397 Sep 18:53 a.out

Run it and view the status: the ruid is test1, the euid is root and the fuid is test2:

    502 0 0 503 4240 a.out
    $> ll
    -rws---r-x. 1 root root 7397 Sep 18:53 a.out
    -rw-rw-r--. 1 test2 test 0 Sep 18:54 Test.log

Test.log was created with test2, the fuid, as its owner, even though the euid was root.
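The check above, as an added example that is not part of the original article: a C program that changes only the fuid in a forked child, creates a file there, and then reports the owner the kernel assigned to it (the /tmp path and uid 503, test2, are assumed for illustration). Run as root it shows the file owned by 503 while the parent's euid is still 0; run unprivileged, setfsuid is ignored and the owner is simply the euid.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <sys/fsuid.h>

/* In a child, change only the filesystem UID to `target`, create `path`
 * (O_EXCL so a leftover file is not mistaken for the new one) and exit.
 * The parent then stats the file and returns its owner UID, or (uid_t)-1
 * on failure. The euid is never touched, so the owner shows which ID the
 * kernel used for the permission check and for ownership: the fuid.
 * Without CAP_SETUID setfsuid is ignored and the owner is just the euid. */
uid_t owner_of_file_created_with_fsuid(const char *path, uid_t target)
{
    pid_t pid = fork();
    if (pid < 0) return (uid_t)-1;
    if (pid == 0) {
        setfsuid(target);                 /* reports no error either way */
        int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
        if (fd < 0) perror("open");
        else close(fd);
        _exit(fd < 0 ? 1 : 0);
    }
    int status = 0;
    struct stat st;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) ||
        WEXITSTATUS(status) != 0 || stat(path, &st) < 0)
        return (uid_t)-1;
    return st.st_uid;
}

int main(void)
{
    /* constructed path under the world-writable /tmp; 503 is test2 in the article */
    const char *path = "/tmp/fsuid-demo.log";
    unlink(path);
    uid_t owner = owner_of_file_created_with_fsuid(path, 503);
    printf("euid=%u  owner of %s=%u\n", (unsigned)geteuid(), path, (unsigned)owner);
    unlink(path);
    return 0;
}
```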
Inheritance of permissions: when a child process is created with fork, it inherits all four UIDs from the parent, so its IDs are the same as the parent's.
When one of the exec family of functions is used, the suid is set to the euid.