More on Set User ID

• When a setuserid program is executed (u+s or g+s) on file
  • The effective user id is set to that of the executable.
  • The value of the saved id is copied from the effective id.
  • The real user id is preserved
  • System calls can be used to make the real user id the effective user id.
• Linux has a non-standard system call to get the ids
  • int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
  • Also in HP-UX and some BSD versions.
• There are a number of calls that change the ids of a process
  • int setuid(uid_t uid);
    • If the process is privileged, the effective, real and saved ids are set
    • This causes a privileged process to "irrevocably drop all privileges"
    • If the process is not privileged the effective uid of the process is changed, but only to the real userID or saved user id.
  • see change.C
  • int seteuid(uid_t euid);
    • sets the euid
    • Unprivileged process can only set it to the real, effective or saved id.
    • This is not an irrevocable set.
  • See chagne2.C
  • int setresuid(uid_t ruid, uid_t euid, uid_t suid);
    • unprivileged process can set values to any of the current values.
    • privileged processes can do whatever they want.
• There are equivalent calls for group.