Real and effective userids.

Jeff d'Arcy jdarcy at pinocchio.encore.com
Tue Oct 3 23:33:07 AEST 1989


cpcahil at virtech.UUCP (Conor P. Cahill):
> The real userid is the numerical id of "the user"
> that is running a process, as opposed to "the effective" id of the process
> that is used to determine whether you can open, create, unlink, etc. a file.

davem at bmers58.UUCP (Dave Mielke):
> This is intuitively the way things should work, but when I open a file
> from within a setuid program it appears to enforce the access rights of
> the real userid and not those of the effective userid. Why is this?

The system itself will use the EUID for checking permissions, but that
doesn't mean that all programs make it that easy.  Some programs quite
deliberately do things such as set the EUID to be the same as the RUID,
effectively undoing the effect of the SUID bit.  This is often done to
close a security hole, and thus there's no really good general solution
that doesn't involve serious changes to the semantics of SUID.

Jeff d'Arcy		jdarcy at encore.com		(508) 460-0500
    Encore has provided the medium, but the message remains my own
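
An added example, not part of the original post or thread: a C program that compares what the real and effective userids may read, then sets the EUID to the RUID as the post describes. The function names and the default path are assumptions chosen for illustration; install the binary set-uid to see the two views differ.

```c
/* Added illustration: real-UID vs effective-UID view of a file, then
 * setting the EUID back to the RUID. Helper names are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* access(2) answers for the REAL uid/gid: 1 if readable, else 0. */
int readable_by_real_uid(const char *path) {
    return access(path, R_OK) == 0;
}

/* open(2) is checked against the EFFECTIVE uid/gid: 1 if it opens, else 0. */
int readable_by_effective_uid(const char *path) {
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return 0;
    close(fd);
    return 1;
}

/* Set the EUID to the RUID. Returns 0 on success, -1 if the call failed or
 * the IDs still differ; a caller must not continue on -1. On some systems a
 * program that is not set-uid root keeps its saved set-user-ID after this. */
int drop_to_real_uid(void) {
    uid_t ruid = getuid();
    if (setuid(ruid) != 0)
        return -1;
    return (geteuid() == ruid && getuid() == ruid) ? 0 : -1;
}

int main(int argc, char **argv) {
    const char *path = argc > 1 ? argv[1] : "/etc/passwd"; /* sample path */
    printf("ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    printf("before: real=%d effective=%d\n",
           readable_by_real_uid(path), readable_by_effective_uid(path));
    if (drop_to_real_uid() != 0) {
        perror("setuid");
        return 1;
    }
    printf("after:  real=%d effective=%d\n",
           readable_by_real_uid(path), readable_by_effective_uid(path));
    return 0;
}
```

Run as an ordinary binary, both columns agree; run set-uid against a file only the owner can read, the "before" line shows real=0 effective=1 and the "after" line shows both as 0.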


