Linux system learning notes: a thorough understanding of the saved set-user-ID, the set-user-ID bit, the effective user ID, and the real user ID

Source: Internet
Author: User

I. Basic concepts

Real user ID (RUID): identifies who the user is in the system. It is usually fixed once the user has logged in, and is the UID of the logged-in user.

Effective user ID (EUID): used by the system to determine the user's permissions on system resources. Whenever the user performs an action, the final check of whether that action is permitted is a check of whether the effective user ID has the permission. If it does, the action proceeds; otherwise it fails with an error. Normally, after a user (call this user A) logs in, A's effective user ID and real user ID are the same. But what if A needs to perform a privileged operation in some scenario; can it succeed? As described above, the Linux kernel decides whether the user performing an operation has permission by checking the effective user ID. A wants to perform a privileged operation that A has no permission for, so the only way is for A to change the current effective user ID, by some mechanism, to one that has permission to perform the privileged operation.

In short: this is why a process's effective user ID sometimes has to be changed, so that it can perform certain privileged operations at that moment.

Set-user-ID bit: a permission exposed on the file, used to change the effective user ID of the process that executes it, giving that process temporary privileges.

Saved set-user-ID: a copy of the effective user ID. Because it is a copy of the effective user ID, its purpose is to allow the effective user ID to be restored later.

Quite a few IDs are involved here, so let us look at what each of them belongs to:

The set-user-ID bit belongs to the file. This "ID" is only a single binary bit in the st_mode member of the file's stat structure. For an ordinary file the bit has no effect; it takes effect only when set on an executable file.

II. Ways to change the three user IDs

The following figure shows how to change the real user ID, the effective user ID, and the saved set-user-ID.

Another figure shows the relationship between the IDs of a file and the IDs of a process in permission checks. An ordinary file has three IDs, and these three IDs correspond to three groups of permissions that control a process's access to the file.

Note that the ID is not simply an int or an identity; it is the label of an operating-system user, and all processes created by that user carry that ID.

On Linux, after a user logs in and creates a file, the user ID of that file is the ID of the user. All processes created by the user can access this file, because the real user ID and effective user ID of those processes are the user's ID. However, when a process created by the user needs to access files created by other users, it has to change its effective user ID in order to gain access to them.
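The rules described above, modelled in C as an added example (not code from the original notes): when the set-user-ID bit takes effect, how exec sets the three IDs, and how the saved copy lets an unprivileged process drop and later restore its effective ID. The struct and function names, the UIDs 1000 and 2000 and the file mode are constructed for illustration, and "privileged" is simplified to effective ID 0.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/stat.h>

/* The three user IDs every process carries. */
struct ids { uid_t ruid, euid, suid; };

/* The set-user-ID bit in st_mode only takes effect on an executable
   regular file. */
int suid_bit_active(mode_t mode) {
    return S_ISREG(mode) && (mode & S_ISUID) != 0 &&
           (mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0;
}

/* Model of exec: the real ID never changes; the effective ID becomes the
   file owner only if the bit is active; the saved ID is then a copy of
   the effective ID. */
struct ids model_exec(struct ids p, uid_t file_owner, mode_t mode) {
    if (suid_bit_active(mode)) p.euid = file_owner;
    p.suid = p.euid;
    return p;
}

/* Model of seteuid(): a process whose effective ID is not 0 may only
   switch to its real, effective or saved ID. Returns 0, or -1 if denied.
   Simplification: "privileged" is modelled as euid 0. */
int model_seteuid(struct ids *p, uid_t want) {
    if (p->euid != 0 && want != p->ruid && want != p->euid && want != p->suid)
        return -1;
    p->euid = want;
    return 0;
}

static void show(const char *step, struct ids p) {
    printf("%-28s ruid=%u euid=%u suid=%u\n", step,
           (unsigned)p.ruid, (unsigned)p.euid, (unsigned)p.suid);
}

int main(void) {
    struct ids p = {1000, 1000, 1000};  /* constructed: user 1000 after login */
    /* constructed file: owned by uid 2000, mode 4755 */
    p = model_exec(p, 2000, S_IFREG | S_ISUID | 0755);
    show("after exec of setuid file", p);
    model_seteuid(&p, p.ruid);          /* drop the temporary privilege */
    show("after seteuid(ruid)", p);
    model_seteuid(&p, p.suid);          /* restore it from the saved copy */
    show("after seteuid(saved)", p);
    printf("seteuid(0) -> %d\n", model_seteuid(&p, 0));  /* -1: denied */
    return 0;
}
```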
