Linux User id uid and valid user ID EUID

Source: Internet
Author: User

In Linux, each process has two IDs: User ID and valid user ID. uid generally indicates the process creator (which user is created ), EUID indicates the process's access permissions to files and resources (which user has the same permissions ). You can use the getuid () and geteuid () functions or two ID values of the process. When a user logs on to the system, the system assigns both the UID and EUID to the uid in the/etc/passwd file. Generally, the two IDs are the same, however, in some cases, two IDs are different. The following describes the UID and EUID problems through a typical problem and code example. [Passwd command for Linux] The passwd command is used to modify the user's login password. The file used to record the user's login password is/etc/shadow. This file is only accessible to the root user, as follows: gaolu @ gaolu-desktop :~ $
Gaolu @ gaolu-desktop :~ $ CD/etc
Gaolu @ gaolu-desktop:/etc $ LS-l shadow
-RW-r ----- 1 root shadow 978 shadow
Gaolu @ gaolu-desktop:/etc $ there is a conflict: For security reasons, normal users are not allowed to view and modify the shadow file. However, normal users cannot change their passwords. In Linux, setuid is used to solve this problem: if a program is set with a setuid bit, it will have the permissions of the program owner no matter which user is enabled. The owner of the passwd program is the root user. The permissions of passwd are as follows. When any user executes the program, the EUID of the program will become the EUID of the root user, rather than the UID of the program. Gaolu @ gaolu-desktop:/etc $ CD/usr/bin
Gaolu @ gaolu-desktop:/usr/bin $ LS-l passwd
-Rwsr-XR-x 1 Root 32988 2008-06-10 passwd
Gaolu @ gaolu-desktop:/usr/bin $
Gaolu @ gaolu-desktop:/usr/bin $. Therefore, common users can modify the shadow file content through the passwd program to change the password. [Let the Code explain the problem] # include <stdio. h> # include <unistd. h> # include <sys/types. h> int main (void) {printf ("current process uid: % LD/N", (long) getuid (); printf ("current process EUID: % LD/N ", (long) geteuid (); return 1;} execution status: gaolu @ gaolu-desktop :~ $ Gcc-O uid. cgaolu @ gaolu-desktop :~ $
Gaolu @ gaolu-desktop :~ $ Chmod U + S uid // The user master adds the setuid permission
Gaolu @ gaolu-desktop :~ $ LS-l uid
-Rwsr-XR-x 1 gaolu 9118 uid
Gaolu @ gaolu-desktop :~ $
Gaolu @ gaolu-desktop :~ $./Uid
Current process uid: 1000
Current process EUID: 1000
Gaolu @ gaolu-desktop :~ $
Gaolu @ gaolu-desktop :~ $ Su // switch to the root user
Password:
Root @ gaolu-desktop:/home/gaolu # ls-l uid
-Rwsr-XR-x 1 gaolu 9118 uid
Root @ gaolu-desktop:/home/gaolu #./uid
Current process uid: 0
Current process EUID: 1000 // valid user ID is 1000
Root @ gaolu-desktop:/home/gaolu #
Root @ gaolu-desktop:/home/gaolu #

This article from the "indifferent to Mingzhi, quiet to far" blog, please be sure to keep this source http://keren.blog.51cto.com/720558/144908

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.