Real and Effective User and Group IDs

In UNIX, with the exception of a few special system processes, processes are generated by users (root and otherwise) who have logged on to the system. During the login process the system queries the password file [4] to obtain two identification (ID) numbers. The numbers the system obtains are in the third and fourth fields of the password entry for the user. These are, respectively, the real user ID (UID) and real group ID (GID) for the user. For example, in the sample password file entry

[4] In older versions of Linux the complete password file (passwd) was found in the /etc directory. In newer versions, for security reasons, the password file, while still present, may have some of its pertinent information stored elsewhere (such as in the file /etc/shadow). While the /etc/passwd file is readable by the ordinary user, supplemental password files usually are not.

ggluck:x:1025:1001:Garrett Gluck:/home/student/ggluck:/bin/tcsh

the user login ggluck has a real user ID of 1025 and a group ID of 1001. The real user ID should be (if the system administrator is on the ball) a unique integer value, while the real group ID (also an integer value) may be common to several logins. Group ID numbers should map to the group names stored in the file /etc/group. [5] In general, IDs of less than 500 usually (but not always) indicate user logins with special status.

[5] If, for some reason, there is no group name for the assigned group number, the system displays the group number when you issue the ls -l command.

For every process the system also keeps a second set of IDs called effective IDs: the effective user ID (EUID) and effective group ID (EGID). The operating system uses the real IDs to identify the real user for things such as process accounting or sending mail, and the effective IDs to determine what additional permissions should be granted to the process. Most of the time the real and effective IDs for a process are identical. However, there are occasions when nonprivileged users on a system must be allowed to access/modify privileged files (such as the password file). To allow controlled access to key files, Linux has an additional set of file permissions, known as set-user-ID (SUID) and set-group-ID (SGID), that can be specified by the file's owner. When indicated, these permissions tell the operating system that when the program is run, the resulting process should have the privileges of the owner/group of the program (versus the real user/group privileges associated with the process). In these instances, the effective IDs for the process become those indicated for the file's owner. A listing for an SUID program follows.

-r-s--x--x 1 root root 13536 Jul 12 2000 /usr/bin/passwd

As shown, this passwd program (the executable for the system-level command passwd) has its owner permissions set to r-s. The letter s in the owner's category, found in place of the letter x, indicates that when this program is run, the process should have the privileges of the file owner (which is root). The set-user information is stored by the system in a tenth permission bit and can be modified using the system-level command chmod. The SUID setting for the passwd program allows the nonprivileged user running it to temporarily have root (superuser) privileges. In this case, the user running the program will be able to modify the system password files, as the permissions on the password files indicate that they are owned and can only be modified by root. Needless to say, programs that have their SUID or SGID bit set should be carefully thought out, especially if the programs are owned by the superuser (root).

At a system level, the command id (as shown in Figure 2.9) displays the current user, group ID, and group affiliation information. Note that while a file can belong to only one group, a user can belong to many groups.

Figure 2.9 Typical id information.

linux$ id
uid=500(gray) gid=1000(faculty) groups=1000(faculty)

In a programming environment, the system calls that return the user/group real and effective IDs for a process are given in Table 2.7.

Table 2.7. Summary of User/Group Real and Effective ID Calls System.

Include File(s):
Manual Section:  2
Summary:
    uid_t getuid( void );
    uid_t geteuid( void );
    gid_t getgid( void );
    gid_t getegid( void );
Return:
    Success:     The requested ID
    Failure:
    Sets errno:

There are corresponding system calls that can be passed ID values to set (change) the user/group real and effective IDs. Additionally, Linux implements a file system user ID used by the kernel to limit a user's access to a given file system. The file system ID is set with the setfsuid system call. The use of setfsuid and the calls to set user/group real and effective IDs are beyond the scope of this text.
