Effective vs. Real UIDs

Effective vs. Real UIDs

Post by Scott Moo » Thu, 04 Sep 1997 04:00:00



Hello-

I have a question to which I am sure there are alot of answers.  Basically,
reading through the documentation about Effective and Real UIDs leads me to
believe that the Real UID is not used for much at all.  The permissions to files,
permissions to IPC objects, ownership of created files, permissions for sending
signals, etc. are all based off of the effective UID.  So, what is the Real UID
used for?  I am sure that it has many uses, but I cannot determine these right
now!

Thank you for any responses!
Scott Moore

 
 
 

Effective vs. Real UIDs

Post by Nick K » Fri, 05 Sep 1997 04:00:00


Quote:> The most important function of the Real UID (RUID) is defining what
> values the EUID can be set to :-)

> In effect, the RUID defines "who is executing the program", whereas the
> EUID defines "whose authority does the program have".

Perhaps worth adding that different Unix variants differ in behaviour
of setuid, and in the exact interpretation of the above.

Consider the following pseudo-code.   Will it work correctly on _your_ OS?
(it's essentially something I wrote in about '92 to run on SunOS where it
works as described.  On some OSs the second setuid will expect to succeed)

// server has got a request to service
switch (pid = fork(), pid) {
  case -1: // log error
  case 0: // go back to being a server ;
  default: // process request and quit:
        // up to here we're running as root so setuid should work
    if (setuid(uid of user) != 0)
        log error ;
    }
        // now we need to stop a potential serious security hole:
        // don't run users own script as root, even if they've
        // hacked the Client interface to claim to be root.
    if (setuid(0) == 0) {       // we should NOT now be able to do this
        log security alert ;
    } else {
      set up resources ;
      exec user's script ;
    }
  }

--
Nick Kew
WebThing virtual office: personal and groupware desktop on the Web
Mail Client, Mail Server, Calendar Server, FileServer, Conferencing
- <URL:http://www.webthing.com/>

 
 
 

1. effective UID vs. Real UID with su - problem

Experts,

The situation is :
---------------------------------------------------------------------------
sunfire{/home/dxsnezhk}# id
uid=60144(dxsnezhk) gid=1(other)
sunfire{/home/dxsnezhk}# /usr/xpg4/bin/id -u -nr
dxsnezhk
sunfire{/home/dxsnezhk}# whoami
dxsnezhk
sunfire{/home/dxsnezhk}# who am i
dxsnezhk   pts/1        Mar 31 11:06    (10.4.242.8)
sunfire{/home/dxsnezhk}# su -
Password:
Sun Microsystems Inc.   SunOS 5.8       Generic Patch   October 2001
You have new mail.
sunfire{/}# id
uid=0(root) gid=1(other)
sunfire{/}# /usr/xpg4/bin/id -u -nr
root
sunfire{/}# whoami
root
sunfire{/}# who am i
dxsnezhk   pts/1        Mar 31 11:06    (10.4.242.8)
sunfire{/}# passwd
passwd:  Changing password for dxsnezhk
New password:
sunfire{/}#
---------------------------------------------------------------------------

As you can see, even with su -      my real UID does not change for
some commands? I am coming from HP-UX background and I expect EUID ==
RUID upon
su - . Also, I don't understand why id and who command report
different values. What am I missing ?

Thanks.
Dimitry.

2. No 'at' sign in many applications

3. setuid to a non-root uid for both effective&real uid

4. Tornado PCI Modem

5. Effective and Real UID and GID

6. Apache proxy question

7. real- and effective uid woes

8. Symbolic links -- absolute and relative

9. effective and real uids

10. Can you explain me the meaning of effective and real uid

11. UID / effective UID problem

12. Real vs effective user id difference.

13. Real vs. effective