effective UID vs. Real UID with su - problem

effective UID vs. Real UID with su - problem

Post by Dima » Wed, 02 Apr 2003 02:26:23



Experts,

The situation is :
---------------------------------------------------------------------------
sunfire{/home/dxsnezhk}# id
uid=60144(dxsnezhk) gid=1(other)
sunfire{/home/dxsnezhk}# /usr/xpg4/bin/id -u -nr
dxsnezhk
sunfire{/home/dxsnezhk}# whoami
dxsnezhk
sunfire{/home/dxsnezhk}# who am i
dxsnezhk   pts/1        Mar 31 11:06    (10.4.242.8)
sunfire{/home/dxsnezhk}# su -
Password:
Sun Microsystems Inc.   SunOS 5.8       Generic Patch   October 2001
You have new mail.
sunfire{/}# id
uid=0(root) gid=1(other)
sunfire{/}# /usr/xpg4/bin/id -u -nr
root
sunfire{/}# whoami
root
sunfire{/}# who am i
dxsnezhk   pts/1        Mar 31 11:06    (10.4.242.8)
sunfire{/}# passwd
passwd:  Changing password for dxsnezhk
New password:
sunfire{/}#
---------------------------------------------------------------------------

As you can see, even with su -      my real UID does not change for
some commands? I am coming from HP-UX background and I expect EUID ==
RUID upon
su - . Also, I don't understand why id and who command report
different values. What am I missing ?

Thanks.
Dimitry.

 
 
 

effective UID vs. Real UID with su - problem

Post by Mike Delane » Wed, 02 Apr 2003 03:43:43


On 31 Mar 2003 09:26:23 -0800,

:  As you can see, even with su -      my real UID does not change for
:  some commands? I am coming from HP-UX background and I expect EUID ==
:  RUID upon
:  su - . Also, I don't understand why id and who command report
:  different values. What am I missing ?

No, your UID is equal to your EUID when you su.  You're making the
assumption that who and passwd are both using something like
getpwuid(getuid()) to determine your username.  They aren't.
(OTHO, id and whoami are.)

The who command couldn't care less what your UID/EUID are - it's simply
printing out the contents of /var/adm/utmpx, and in the case of the '-m',
'am i', or 'am I' arguments, restricting that listing to the entry
corresponding to the controlling terminal.

As for the passwd command, the fact that it will attempt to change the
password of a user su'ed to root rather than root's password when no
username is given on the command line is an intentional, and documented
behavior.  If you examine it under truss it appears to use the same
technique of retrieving the utmpx entry for the controlling terminal
as 'who am i' to determine the username who's password should be changed
in the event that getuid() returns 0 and none was specified.  (Which
gives rise to an interesting question:  What will it do if there is no
utmpx entry for this terminal?)

 
 
 

effective UID vs. Real UID with su - problem

Post by Neil W Ricker » Wed, 02 Apr 2003 03:23:56



>sunfire{/home/dxsnezhk}# su -
>Password:
>Sun Microsystems Inc.   SunOS 5.8       Generic Patch   October 2001
>You have new mail.
>sunfire{/}# id
>uid=0(root) gid=1(other)

Looks okay.  There isn't any problem here.

Quote:>sunfire{/}# who am i
>dxsnezhk   pts/1        Mar 31 11:06    (10.4.242.8)

The "who am i" command is not using your uid.  It is reporting
information from the "wtmp" information (the user who logged in).

Quote:>sunfire{/}# passwd
>passwd:  Changing password for dxsnezhk
>New password:
>sunfire{/}#

Most likely "passwd" is also using wtmp information.

You can use

        passwd root

to override this.

 
 
 

effective UID vs. Real UID with su - problem

Post by Casper H.S. Di » Wed, 02 Apr 2003 18:02:14



>some commands? I am coming from HP-UX background and I expect EUID ==
>RUID upon
>su - . Also, I don't understand why id and who command report
>different values. What am I missing ?

euid == ruid; your confusion is due to the fact that "who am i" returns
information about who is logged in on the current tty (as getlogin(3) does).

But your effective uid and real uid are one and the same after su.

Casper
--
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

 
 
 

effective UID vs. Real UID with su - problem

Post by Dima » Thu, 03 Apr 2003 00:38:23


Thanks a lot, guys. I completely understand now.