Effective and Real UID and GID

Effective and Real UID and GID

Post by Sekhar Ha » Thu, 09 Aug 2001 22:21:17



Dear Sir/Madam,

     Actually what is the meaning of effective and real UID and GID
?.Is there any rule for assigning them values ?.How the UNIX kernel
provides these values each time ?.Please Help.

Thanks in advance,
Sekhar H.

 
 
 

Effective and Real UID and GID

Post by Lew Pitch » Thu, 09 Aug 2001 22:26:15



Quote:>Dear Sir/Madam,

>     Actually what is the meaning of effective and real UID and GID
>?.Is there any rule for assigning them values ?.How the UNIX kernel
>provides these values each time ?.Please Help.

A simplified explanation:

The real uid and gid are the uid and gid under which you logged on

The effective uid and gid are the uid and gid under which your
processes run. Usually, it is the same as the real uid and gid, but
when the program uses the setuid and/or setgid features of the
operating system (i.e. binary is marked as 'setuid' or 'setgid', or
uses one of the setuid()/setgid() calls), it can change the uid and
gid used by the os for function validation.

In other words, it is entirely possible to run a program with the real
uid and gid of your login, but with the effective uid and gid of root.

Lew Pitcher, Information Technology Consultant, Toronto Dominion Bank Financial Group

(Opinions expressed are my own, not my employer's.)

 
 
 

Effective and Real UID and GID

Post by Urs Thuerman » Sat, 11 Aug 2001 15:40:58



>      Actually what is the meaning of effective and real UID and GID
> ?.Is there any rule for assigning them values ?.How the UNIX kernel
> provides these values each time ?.Please Help.

First, this is not a questions for comp.unix.internals.  Better would
be comp.unix.questions.

Short answer:  real uid/gid is used for accounting and to see who you
really are, i.e. what user you have logged in as.  The effective
uid/gid determines your rights, e.g. for file accesses, sending
signals, setting system time, changing process priorities and resource
usage limits, etc.

Usually, real uid/gid anq effective uid/gid are the same and are set
to uid/gid of the user you log in as.  Some program, however, have a
special bit set, called setuid bit (there is also a setgid bit).  When
executing such a program the effective uid is set to the uid of the
owner of that program.  This makes it possible for a normal user to
change his password, although the /etc/passwd file is not writeable by
a normal user.  The /bin/passwd program is setuid to root, so one gets
root permissions when executing that program.  The passwd program can
check who you really are using the real uid, so it knows whose passwd
to change.  Also, if CPU time is accounted and has to be payed for,
the real uid is used, the that real user and not root has to pay the
CPU cycles for calling /bin/passwd.

urs

 
 
 

Effective and Real UID and GID

Post by Sven Maschec » Tue, 14 Aug 2001 10:00:02




>> [meaning of effective and real UID and GID?]
> Short answer:  real uid/gid is used for accounting and to see who you
> really are [...] The effective uid/gid determines your rights [..examples]

"The most important function of the Real UID (RUID) is defining what
 values the EUID can be set to :-)"  -- Andrew Gierth
 
 
 

Effective and Real UID and GID

Post by Urs Thuerman » Tue, 14 Aug 2001 17:30:22



> "The most important function of the Real UID (RUID) is defining what
>  values the EUID can be set to :-)"  -- Andrew Gierth

Yes, but when it comes to changing uid/gid, the saved ids also come
into play, although I don't remember all the details right now (what
combinations of real/saved uid allows you to change to which uid, and
when (on changing and execve'ing) the saved ids are set).

urs

 
 
 

1. effective UID vs. Real UID with su - problem

Experts,

The situation is :
---------------------------------------------------------------------------
sunfire{/home/dxsnezhk}# id
uid=60144(dxsnezhk) gid=1(other)
sunfire{/home/dxsnezhk}# /usr/xpg4/bin/id -u -nr
dxsnezhk
sunfire{/home/dxsnezhk}# whoami
dxsnezhk
sunfire{/home/dxsnezhk}# who am i
dxsnezhk   pts/1        Mar 31 11:06    (10.4.242.8)
sunfire{/home/dxsnezhk}# su -
Password:
Sun Microsystems Inc.   SunOS 5.8       Generic Patch   October 2001
You have new mail.
sunfire{/}# id
uid=0(root) gid=1(other)
sunfire{/}# /usr/xpg4/bin/id -u -nr
root
sunfire{/}# whoami
root
sunfire{/}# who am i
dxsnezhk   pts/1        Mar 31 11:06    (10.4.242.8)
sunfire{/}# passwd
passwd:  Changing password for dxsnezhk
New password:
sunfire{/}#
---------------------------------------------------------------------------

As you can see, even with su -      my real UID does not change for
some commands? I am coming from HP-UX background and I expect EUID ==
RUID upon
su - . Also, I don't understand why id and who command report
different values. What am I missing ?

Thanks.
Dimitry.

2. win millenium

3. setuid to a non-root uid for both effective&real uid

4. 5th Annual Tcl/Tk Workshop '97 - Preliminary Program

5. Matrox Mystique ands X.

6. NetBSD 1.4/i386 sysinst hangs : bad RAM?

7. Effective vs. Real UIDs

8. netCDF libs.

9. real- and effective uid woes

10. effective and real uids

11. Can you explain me the meaning of effective and real uid

12. Q: Super 3.5.2 won't change real uid/gid

13. UID / effective UID problem