There are, in fact, not one, but four user IDs associated with a process: the real,
effective, saved, and filesystem user IDs. The real user ID is the uid of the user who
originally ran the process. It is set to the real user ID of the process’ parent, and does
not change during an exec call. Normally, the login process sets the real user ID of
the user’s login shell to that of the user, and all of the user’s processes continue to
carry this user ID. The superuser (root) may change the real user ID to any value, but
no other user can change this value.

The effective user ID is the user ID that the process is currently wielding. Permission
verifications normally check against this value. Initially, this ID is equal to the real
user ID, because when a process forks, the effective user ID of the parent is inherited
by the child. Furthermore, when the process issues an exec call, the effective user ID is
usually unchanged. But it is during the exec call that the key difference between real
and effective IDs emerges: by executing a setuid (suid) binary, the process can change
its effective user ID. To be exact, the effective user ID is set to the user ID of the
owner of the program file. For instance, because the /usr/bin/passwd file is a setuid
file, and root is its owner, when a normal user’s shell spawns a process to exec this
file, the process takes on the effective user ID of root regardless of who the executing
user is.

Nonprivileged users may set the effective user ID to the real or the saved user ID, as
you’ll see momentarily. The superuser may set the effective user ID to any value.

The saved user ID is the process’ original effective user ID. When a process forks, the
child inherits the saved user ID of its parent. Upon an exec call, however, the kernel
sets the saved user ID to the effective user ID, thereby making a record of the
effective user ID at the time of the exec. Nonprivileged users may not change the saved
user ID; the superuser can change it to the same value as the real user ID.

What is the point of all these values? The effective user ID is the value that matters:
it’s the user ID that is checked in the course of validating a process’ credentials. The
real user ID and saved user ID act as surrogates, or potential user ID values that
non-root processes are allowed to switch to and from. The real user ID is the effective
user ID belonging to the user actually running the program, and the saved user ID is
the effective user ID before a suid binary caused a change during exec.
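
The switch "to and from" described above, as an added example that is not part of the original text: a process drops its effective user ID to the real one, then regains it through the saved one, checking all four IDs at each step. It assumes Linux, where the four IDs can be read from the `Uid:` line of `/proc/self/status`; the names `struct uids`, `read_uids` and `drop_and_regain` are illustrative.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Real, effective, saved and filesystem user IDs of this process. */
struct uids { unsigned real, effective, saved, fs; };

/* Read the four IDs from the "Uid:" line of /proc/self/status (Linux only;
 * reading /proc is this example's assumption). Returns 0 on success. */
int read_uids(struct uids *u)
{
    char line[256];
    int rc = -1;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;
    while (rc != 0 && fgets(line, sizeof line, f))
        if (sscanf(line, "Uid: %u %u %u %u",
                   &u->real, &u->effective, &u->saved, &u->fs) == 4)
            rc = 0;
    fclose(f);
    return rc;
}

/* Drop the effective ID to the real ID, then regain it through the saved ID.
 * Returns 0 only if every step left the IDs in the expected state. */
int drop_and_regain(void)
{
    struct uids before, dropped, regained;
    if (read_uids(&before) != 0)
        return -1;
    if (seteuid((uid_t)before.real) != 0 || read_uids(&dropped) != 0)
        return -1;
    /* Permission checks now use the real user's ID; the saved ID is untouched. */
    if (dropped.effective != before.real || dropped.saved != before.saved)
        return -1;
    if (seteuid((uid_t)before.saved) != 0 || read_uids(&regained) != 0)
        return -1;
    return regained.effective == before.saved ? 0 : -1;
}

int main(void)
{
    struct uids u;
    if (read_uids(&u) != 0)
        return 1;
    printf("real=%u effective=%u saved=%u fs=%u\n", u.real, u.effective, u.saved, u.fs);
    return drop_and_regain() == 0 ? 0 : 1;
}
```

Run from an ordinary binary, all four values are equal and both `seteuid` calls are no-ops; the real and effective values differ only when the binary is setuid and owned by another user.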