1. Change the user ID and group ID
1.1. Set-user-ID and set-group-ID
Every process has six or more IDs associated with it, as shown below:

| IDs | Purpose |
| --- | --- |
| Real user ID, real group ID | Who we really are |
| Effective user ID, effective group ID, supplementary group IDs | Used for file access permission checks |
| Saved set-user-ID, saved set-group-ID | Saved by the exec functions |
The real user ID and the real group ID identify who we really are. These two fields are taken from our entry in the password file when we log in.
The effective user ID, effective group ID, and supplementary group IDs determine the file access permissions.
The saved set-user-ID and the saved set-group-ID contain copies of the effective user ID and effective group ID, made when a program is executed.
When a program file is executed, the effective user ID of the process is usually the real user ID, and the effective group ID is usually the real group ID. However, a special flag can be set in the file mode word (st_mode) that says "when this file is executed, set the effective user ID of the process to the user ID of the file owner (st_uid)". Similarly, another bit can be set in the file mode word that sets the effective group ID of the process executing the file to the group owner of the file (st_gid). These two bits in the file mode word are called the set-user-ID bit and the set-group-ID bit.
1.2. File Access Permissions
The st_mode value also contains the access permission bits for the file. There are nine permission bits, defined in <sys/stat.h>:

| st_mode mask | Meaning |
| --- | --- |
| S_IRUSR | User-read |
| S_IWUSR | User-write |
| S_IXUSR | User-execute |
| S_IRGRP | Group-read |
| S_IWGRP | Group-write |
| S_IXGRP | Group-execute |
| S_IROTH | Other-read |
| S_IWOTH | Other-write |
| S_IXOTH | Other-execute |
The chmod command is used to modify these nine permission bits. It uses u to denote the user (owner), g to denote the group, and o to denote others. Each time a process opens, creates, or deletes a file, the kernel performs its file access tests. These tests depend on the owners of the file (st_uid and st_gid), the effective IDs of the process (effective user ID and effective group ID), and the supplementary group IDs of the process (if supported). The two owner IDs are properties of the file, while the two effective IDs and the supplementary group IDs are properties of the process. The kernel performs the tests in this order:
1). If the effective user ID of the process is 0 (the superuser), access is allowed.
2). If the effective user ID of the process equals the owner ID of the file (that is, the process owns the file), access is allowed if the appropriate owner access permission bit is set.
3). If the effective group ID of the process or one of the supplementary group IDs of the process equals the group ID of the file, access is allowed if the appropriate group access permission bit is set.
4). Access is allowed if the appropriate other access permission bit is set.
1.3. setuid and setgid functions
In Unix systems, privileges are based on user and group IDs. When a program needs additional privileges, or needs to access resources it is not currently allowed to access, it must change its user ID or group ID to one that has the appropriate privilege or access permission. Similarly, when a program needs to lower its privileges or prevent access to certain resources, it must also change its user ID or group ID, to one that no longer has the privilege or the ability to access those resources.
In general, when designing an application, we always try to use the least privilege model. The setuid function sets the real user ID and effective user ID. The setgid function sets the real group ID and effective group ID.
#include <unistd.h>
int setuid(uid_t uid);
int setgid(gid_t gid);
Rules for changing user IDs:
1). If the process has superuser privileges, the setuid function sets the real user ID, effective user ID, and saved set-user-ID to uid.
2). If the process does not have superuser privileges, but uid equals either the real user ID or the saved set-user-ID, setuid sets only the effective user ID to uid. The real user ID and the saved set-user-ID are not changed.
3). If neither of the preceding conditions is met, errno is set to EPERM and -1 is returned.
Note the following points about the three user IDs maintained by the kernel:
1). Only a superuser process can change the real user ID. The real user ID is set by the login program when the user logs in and never changes afterwards. Because login is a superuser process, it sets all three user IDs when it calls setuid.
2). The exec functions set the effective user ID only when the set-user-ID bit is set for the program file. We can call setuid at any time to set the effective user ID to either the real user ID or the saved set-user-ID.
3). The saved set-user-ID is copied from the effective user ID by exec. If the set-user-ID bit is set for the program file, this copy is saved after exec sets the effective user ID of the process from the user ID of the file.
Note: The getuid and geteuid functions can only obtain the current values of the real user ID and effective user ID.
Ways to change the three user IDs:

| ID | exec, set-user-ID bit off | exec, set-user-ID bit on | setuid(uid), superuser | setuid(uid), unprivileged user |
| --- | --- | --- | --- | --- |
| Real user ID | Unchanged | Unchanged | Set to uid | Unchanged |
| Effective user ID | Unchanged | Set from user ID of the program file | Set to uid | Set to uid |
| Saved set-user-ID | Copied from effective user ID | Copied from effective user ID | Set to uid | Unchanged |
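The exec and setuid rules of this section as a C state model (an added example, not code from the original page). It shows a consequence of rule 2: after a set-user-ID program owned by a non-root user calls setuid with the real user ID, the saved set-user-ID is unchanged and the file owner's ID can be regained, whereas the same call in a set-user-ID-root program resets all three IDs. The names struct ids, model_exec, model_setuid and can_regain and all numeric IDs are hypothetical, and superuser privilege is modeled as effective user ID 0.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

/* The three per-process user IDs (a model, not kernel code). */
struct ids { uid_t ruid, euid, suid; };

/* exec: real ID unchanged; effective ID becomes the file owner only if the
 * set-user-ID bit is set; the saved ID is then copied from the effective ID. */
static struct ids model_exec(struct ids p, int suid_bit, uid_t file_owner)
{
    if (suid_bit)
        p.euid = file_owner;
    p.suid = p.euid;
    return p;
}

/* setuid(uid) per the three rules. Returns 0, or -1 with errno = EPERM. */
static int model_setuid(struct ids *p, uid_t uid)
{
    if (p->euid == 0) {                      /* rule 1: superuser */
        p->ruid = p->euid = p->suid = uid;
        return 0;
    }
    if (uid == p->ruid || uid == p->suid) {  /* rule 2: effective ID only */
        p->euid = uid;
        return 0;
    }
    errno = EPERM;                           /* rule 3 */
    return -1;
}

/* User 1000 execs a set-user-ID file owned by `owner`, drops to 1000 with
 * setuid, then asks for `owner` again. Returns 1 if that succeeds. */
static int can_regain(uid_t owner)
{
    struct ids p = { 1000, 1000, 1000 };     /* constructed login state */
    p = model_exec(p, 1, owner);
    if (model_setuid(&p, 1000) != 0)
        return -1;
    return model_setuid(&p, owner) == 0 && p.euid == owner;
}

int main(void)
{
    printf("file owned by root: regain=%d\n", can_regain(0));
    printf("file owned by 500:  regain=%d\n", can_regain(500));
    return 0;
}
```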
POSIX.1 includes two functions, seteuid and setegid. They are similar to setuid and setgid, but change only the effective user ID and effective group ID.
#include <unistd.h>
int seteuid(uid_t uid);
int setegid(gid_t gid);