Real and effective userids.
Guy Harris
guy at auspex.auspex.com
Wed Oct 4 03:59:19 AEST 1989
>This is intuitively the way things should work, but when I open a file
>from within a setuid program it appears to enforce the access rights of
>the real userid and not those of the effective userid. Why is this?

Because either:

1) your UNIX implementation is broken;

2) the program that does the open also calls "access" to check
   whether it's really allowed to open the file or not;

3) the program uses "setuid()" or whatever to relinquish its
   set-UID privileges before opening the file;

4) your program really isn't running set-UID for some reason;

5) you're misinterpreting what's actually happening.

On non-broken UNIX implementations, the "open" call uses the effective
UID to enforce access rights. Try a trivial set-UID program that prints
the real and effective UIDs, and then just opens a specified file,
reporting success or failure (use "perror" to report failure), and
closes the file, doing nothing else. If *that* acts as if it's using
the real UID to check permissions, and the printout reports that it is,
in fact, set-UID to the UID to which it should be set-UID, 1) is the
most likely cause....