In Linux, each process has two IDs: the user ID (UID) and the effective user ID (EUID). The UID generally identifies the creator of the process (which user created it), while the EUID determines the process's access permissions to files and resources (which user's permissions it has). You can use the getuid() and geteuid() functions to obtain the two ID values of the process. When a user logs on to the system, the system sets both the UID and the EUID to the uid recorded in the /etc/passwd file. Generally the two IDs are the same, but in some cases they differ. The following describes the UID and EUID through a typical problem and a code example.

[The passwd command in Linux]

The passwd command is used to modify a user's login password. The file that records users' login passwords is /etc/shadow. This file is only accessible to the root user, as follows:

gaolu@gaolu-desktop:~$ cd /etc
gaolu@gaolu-desktop:/etc$ ls -l shadow
-rw-r----- 1 root shadow 978 shadow
gaolu@gaolu-desktop:/etc$

There is a conflict here: for security reasons, normal users are not allowed to view or modify the shadow file, yet they still need to be able to change their own passwords. Linux uses setuid to solve this problem: if a program has the setuid bit set, it runs with the permissions of the program's owner no matter which user starts it. The owner of the passwd program is the root user, so when any user executes the program, the EUID of the process becomes that of root rather than that of the user who ran it. The permissions of passwd are as follows:

gaolu@gaolu-desktop:/etc$ cd /usr/bin
gaolu@gaolu-desktop:/usr/bin$ ls -l passwd
-rwsr-xr-x 1 root 32988 2008-06-10 passwd
gaolu@gaolu-desktop:/usr/bin$
Therefore, ordinary users can modify the contents of the shadow file through the passwd program in order to change their passwords.

[Let the code explain the problem]

#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

int main(void)
{
    /* Real UID: the user who started the process. */
    printf("current process uid: %ld\n", (long)getuid());
    /* Effective UID: the identity used for permission checks. */
    printf("current process EUID: %ld\n", (long)geteuid());
    return 0;
}

Execution:

gaolu@gaolu-desktop:~$ gcc -o uid uid.c
gaolu@gaolu-desktop:~$ chmod u+s uid    // add the setuid permission for the file owner
gaolu@gaolu-desktop:~$ ls -l uid
-rwsr-xr-x 1 gaolu 9118 uid
gaolu@gaolu-desktop:~$ ./uid
current process uid: 1000
current process EUID: 1000
gaolu@gaolu-desktop:~$ su    // switch to the root user
Password:
root@gaolu-desktop:/home/gaolu# ls -l uid
-rwsr-xr-x 1 gaolu 9118 uid
root@gaolu-desktop:/home/gaolu# ./uid
current process uid: 0
current process EUID: 1000    // the effective user ID is 1000
root@gaolu-desktop:/home/gaolu#
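The following is an added example, not part of the original article: it shows how a setuid program can detect that its EUID differs from its UID and permanently return to the real UID once the privileged work is finished, verifying that the change took effect. The function names euid_after_exec, running_setuid and drop_setuid_privilege are hypothetical helpers, and the mode-based prediction assumes a native binary on a file system that is not mounted nosuid.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* EUID a process receives when caller_uid executes a binary owned by
 * file_owner with the given mode (hypothetical helper; assumes a native
 * executable on a file system that is not mounted nosuid). */
uid_t euid_after_exec(uid_t caller_uid, uid_t file_owner, mode_t mode)
{
    return (mode & S_ISUID) ? file_owner : caller_uid;
}

/* Nonzero when the effective UID differs from the real UID. */
int running_setuid(void)
{
    return getuid() != geteuid();
}

/* Permanently return to the real UID. On Linux, setreuid() with a real UID
 * argument also resets the saved set-user-ID, so the old EUID cannot be
 * restored afterwards. Returns 0 on success, -1 on failure. */
int drop_setuid_privilege(void)
{
    uid_t ruid = getuid();
    uid_t old_euid = geteuid();

    if (setreuid(ruid, ruid) != 0)
        return -1;
    if (getuid() != ruid || geteuid() != ruid)
        return -1;
    /* A non-root process must no longer be able to switch back. */
    if (ruid != 0 && old_euid != ruid && seteuid(old_euid) == 0)
        return -1;
    return 0;
}

int main(void)
{
    printf("before: uid=%ld euid=%ld setuid=%d\n",
           (long)getuid(), (long)geteuid(), running_setuid());
    if (drop_setuid_privilege() != 0) {
        fprintf(stderr, "could not drop the setuid privilege\n");
        return 1;
    }
    printf("after:  uid=%ld euid=%ld setuid=%d\n",
           (long)getuid(), (long)geteuid(), running_setuid());
    return 0;
}
```

Built and given the setuid bit like the uid program above, it prints differing uid and euid values on the first line when another user runs it, and equal values on the second.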
This article is from the "indifferent to Mingzhi, quiet to far" blog; please be sure to keep this source: http://keren.blog.51cto.com/720558/144908