Each process in a Linux system has 2 IDs, a user ID and a valid user Id,uid, which typically represents the creator of the process (which user created), and Euid represents the process's access to files and resources (with the same permissions as the user). You can use the function Getuid () and Geteuid () or the process's two ID values. When a user logs on to the system, the UID and Euid are assigned to the UID in the/etc/passwd file, typically 2 IDs are the same, but in some cases 2 IDs are different. The following is a typical problem and code example to illustrate the issue of UID and Euid. The "passwd command on Linux" passwd command is used to modify user login password, the file used to record user login password is/etc/shadow, the file only root has access rights, as follows: gaolu@gaolu-desktop:~$
gaolu@gaolu-desktop:~$ cd/etc
gaolu@gaolu-desktop:/etc$ Ls-l Shadow
-rw-r-----1 root Shadow 978 2009-02-22 21:25 Shadow
Gaolu@gaolu-desktop:/etc$ This is a paradox: for security reasons, ordinary users are not allowed to view and modify shadow files, but if this is the case, ordinary users cannot modify their passwords for themselves. Linux systems use setuid to solve this paradox: If a program is set to a setuid bit, it will have the permissions of the program owner regardless of which user is enabled. The owner of the passwd program is the root user, and passwd's permissions are as follows, so any user executing the program, the Euid of the program becomes the euid of the root user, not the UID of the program. gaolu@gaolu-desktop:/etc$ Cd/usr/bin
gaolu@gaolu-desktop:/usr/bin$ ls-l passwd
-rwsr-xr-x 1 root root 32988 2008-06-10 02:10 passwd
gaolu@gaolu-desktop:/usr/bin$
gaolu@gaolu-desktop:/usr/bin$ Therefore, ordinary users can modify the contents of the shadow file through the passwd program and complete the password modification. "Let code explain the problem" #include <stdio.h> #include <unistd.h> #include <sys/types.h> int main (void) {printf (" Current process UID:%ld\n ", (long) getuid ()); printf ("Current process euid:%ld\n", (long) geteuid ()); return 1; Performance: gaolu@gaolu-desktop:~$ gcc-o uid UID.C gaolu@gaolu-desktop:~$
gaolu@gaolu-desktop:~$ chmod u+s UID//increase permissions with head of household setuid
gaolu@gaolu-desktop:~$ ls-l UID
-rwsr-xr-x 1 gaolu gaolu 9118 2009-03-08 UID
gaolu@gaolu-desktop:~$
gaolu@gaolu-desktop:~$./uid
Current Process uid:1000
Current Process euid:1000
gaolu@gaolu-desktop:~$
gaolu@gaolu-desktop:~$ su//switch to root user
Password:
root@gaolu-desktop:/home/gaolu# ls-l UID
-rwsr-xr-x 1 gaolu gaolu 9118 2009-03-08 UID
root@gaolu-desktop:/home/gaolu#./uid
Current Process uid:0
Current process euid:1000//valid user ID is 1000
root@gaolu-desktop:/home/gaolu#
root@gaolu-desktop:/home/gaolu#
This article from the "Chih, Quiet Zhiyuan" blog, please be sure to keep this source http://keren.blog.51cto.com/720558/144908
