What's the Purpose of Each of the Different Uids a Process Can Have

What's the purpose of each of the different UIDs a process can have?

Each UNIX process has 3 UIDs associated with it. Superuser privilege is UID=0.

Real UID

This is the UID of the user/process that created THIS process. It can be changed only if the running process has EUID=0.

Effective UID

This UID is used to evaluate privileges of the process to perform a particular action. EUID can be changed either to RUID, or SUID if EUID!=0. If EUID=0, it can be changed to anything.

Saved UID

If you run an executable with the set-UID bit set, then the resulting running process will start off with a real UID of the real user running it, and an effective and saved UID of the owner of the executable file. If the process then calls setuid() or seteuid() to change their effective UID, they can still get back their original privileges again thanks to the saved UID. If the set-UID bit is not set, SUID will be the RUID.

Why saved set userID is needed?

When files are accessed, the system looks at the process's effective UID, its set of GIDs and matches those to the file permissions (and possibly the ACLs on the file).

When files are created, the system looks at the same process values when deciding whether the file can be created, but uses the effective UID to set the UID on the file, and uses either the effective GID or the directory's GID (if the SGID bit is set on the directory, or if you are on MacOS X).

The access() system call checks whether the real UID and real GID (instead of the effective UID and GID) can access the file.

If you have a SUID (setuid) program, then it can use its EUID to access files that would otherwise not be accessible to its users. However, if it wants to create a file on behalf of the user (the RUID of the person running it), then it needs to drop the SUID privilege so the EUID is the same as the RUID. Once upon not so very long ago, once you dropped the SUID privilege, it was lost for good; you could not get it back. The saved UID value allows you to switch back, which simplifies management of privileges for SUID programs.
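The drop-and-regain pattern described above, as an added example that is not part of the original answer: the effective UID is switched to the real UID while a file is created for the user, then switched back. The names `run_as_real_user` and `create_user_file` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Run fn(arg) with EUID == RUID, then switch back to the original EUID.
 * In a set-UID program the switch back succeeds because the saved UID still
 * holds the file owner's UID. Returns fn's result, or -1 if a switch failed. */
int run_as_real_user(int (*fn)(void *), void *arg)
{
    uid_t ruid = getuid();
    uid_t privileged = geteuid();

    if (seteuid(ruid) != 0 || geteuid() != ruid)
        return -1;                      /* never continue with unexpected IDs */

    int result = fn(arg);

    if (seteuid(privileged) != 0 || geteuid() != privileged)
        return -1;
    return result;
}

/* Callback (hypothetical): create a file on behalf of the invoking user.
 * The kernel stamps the new file with the effective UID, so the owner is
 * checked against the real UID. Returns 0 on success, -1 otherwise. */
int create_user_file(void *path)
{
    int fd = open((const char *)path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    struct stat st;
    int ok = fstat(fd, &st) == 0 && st.st_uid == getuid();
    close(fd);
    return ok ? 0 : -1;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <new-file>\n", argv[0]);
        return 2;
    }
    int rc = run_as_real_user(create_user_file, argv[1]);
    printf("ruid=%ld euid=%ld rc=%d\n", (long)getuid(), (long)geteuid(), rc);
    return rc == 0 ? 0 : 1;
}
```

Because `seteuid()` leaves the saved UID untouched, this drop is temporary: any code running inside the callback can switch the effective UID back as well.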

What is the difference between a Process' pid, ppid, uid, euid, gid and egid?

In order:

  • pid: This is the process ID (PID) of the process you call the Process.pid method in.
  • ppid: The PID of the parent process (the process that spawned the current one). For example, if you run ruby test.rb in a bash shell, PPID in that process would be the PID of Bash.
  • uid: The UNIX ID of the user the process is running under.
  • euid: The effective user ID that the process is running under. The EUID determines what a program is allowed to do, based on what the user with this UID is allowed to do. Typically the same as uid, but can be different with commands like sudo.
  • gid: The UNIX group ID the program is running under.
  • egid: Like euid, but for groups.

Purpose of the saved user ID

It is best to do as much as possible with lower privileges. That way the OS protects you from doing stupid things.

Do as little as possible as root. Many people have logged in as root and really messed things up.

Purpose of issetugid?

Six questions is a bit much to answer in a system designed for one question to answer, especially if no one person knows the answers to all six, but I'll try...

1) The purpose of issetugid() is to let libraries know if they're being used in a program that was run with raised privileges so they can avoid risky behavior such as trusting LD_LIBRARY_PATH, NLSPATH, etc. environment variables that would let the caller load modules that can abuse the raised privileges. You can see some historical discussions on it like this ncurses 4.1 security bug thread.

2) That code appears to be less secure than the BSD & Solaris versions, since it doesn't take into account the saved setid bits.

3) They probably have different implementations on different kernels - look at the platform source code to find out.

4, 5 & 6) No, yes, yes - a process that can change its euid or egid back to higher levels should still not trust environment variables that cause it to load user-provided code to exploit them.

When the column values for UID and GID fields in /proc/pid/status file will differ

Taking this as a question:

So, in any chance those four columns will show different UIDs.

Yes. Subject to various limitations, processes can change their effective and saved UIDs and GIDs. This is what the setuid(), setgid(), seteuid(), and setegid() functions do.

The filesystem uid and gid are Linux-specific features that are used mainly, if not entirely, in the context of NFS (see filesystem uid and gid in linux). These can be manipulated with setfsuid() and setfsgid(), subject, again, to limitations.

For most processes, all the UIDs will be the same and all the GIDs will be the same, but it is conceivable that they would all be different. It is a function of the behavior of the process.
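To make the four columns concrete, here is an added example (not from the original answers) that parses the `Uid:` and `Gid:` lines of `/proc/pid/status` text, whose columns are real, effective, saved and filesystem ID, and classifies how they relate. The sample status text is constructed, and the function and enum names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Columns of the Uid:/Gid: lines in /proc/<pid>/status, in order. */
struct id_set { unsigned real, effective, saved, fs; };

enum id_state { IDS_UNIFORM, IDS_EFFECTIVE_DIFFERS, IDS_DROPPED_REGAINABLE, IDS_FS_ONLY };

/* Parse the line beginning with key ("Uid:" or "Gid:") from status text.
 * Returns 0 on success, -1 if the line is missing or malformed. */
int parse_ids(const char *status, const char *key, struct id_set *out)
{
    size_t klen = strlen(key);
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, key, klen) == 0)
            return sscanf(line + klen, "%u %u %u %u", &out->real,
                          &out->effective, &out->saved, &out->fs) == 4 ? 0 : -1;
        line = strchr(line, '\n');
        if (line) line++;               /* step past the newline to the next line */
    }
    return -1;
}

/* Classify how the four IDs relate to one another. */
enum id_state classify_ids(const struct id_set *s)
{
    if (s->real == s->effective && s->effective == s->saved && s->saved == s->fs)
        return IDS_UNIFORM;             /* the common case: all four equal */
    if (s->effective != s->real)
        return IDS_EFFECTIVE_DIFFERS;   /* acting with an ID other than the real one */
    if (s->saved != s->real)
        return IDS_DROPPED_REGAINABLE;  /* effective ID dropped, saved ID still held */
    return IDS_FS_ONLY;                 /* only the filesystem ID differs */
}

/* Constructed samples (not captured from a real system). */
const char SAMPLE_PLAIN[]   = "Name:\tcat\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\n";
const char SAMPLE_SETUID[]  = "Name:\tdemo\nUid:\t1000\t0\t0\t0\nGid:\t1000\t1000\t1000\t1000\n";
const char SAMPLE_DROPPED[] = "Name:\tdemo\nUid:\t1000\t1000\t0\t1000\nGid:\t1000\t1000\t1000\t1000\n";

int main(void)
{
    const char *samples[] = { SAMPLE_PLAIN, SAMPLE_SETUID, SAMPLE_DROPPED };
    for (int i = 0; i < 3; i++) {
        struct id_set u;
        if (parse_ids(samples[i], "Uid:", &u) == 0)
            printf("%u %u %u %u -> state %d\n", u.real, u.effective, u.saved, u.fs, classify_ids(&u));
    }
    return 0;
}
```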


