Real and effective userids.
Conor P. Cahill
cpcahil at virtech.UUCP
Tue Oct 3 21:33:29 AEST 1989
In article <291 at bmers58.UUCP>, davem at bmers58.UUCP (Dave Mielke) writes:
> In article <1219 at virtech.UUCP> cpcahil at virtech.UUCP (Conor P. Cahill) writes:
> >The real userid is the numerical id of "the user"
> >that is running a process, as opposed to "the effective" id of the process
> >that is used to determine whether you can open, create, unlink, etc. a file.
>
> This is intuitively the way things should work, but when I open a file
> from within a setuid program it appears to enforce the access rights of
> the real userid and not those of the effective userid. Why is this?
You didn't post your program, so I can't tell you what is happening, but using
the following code:
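    #include <fcntl.h>   /* creat() */
    #include <unistd.h>  /* close() */

    int main(void)
    {
        close(creat("testfile.cpc", 0777));  /* created under the effective uid */
        return 0;
    }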
compiling the program, changing the mode to 4755,
    -rwsr-xr-x 1 cpcahil opadmin 5281 Oct 3 07:20 /tmp/t
log in as user angie with home directory mode:
    drwxr-x--- 7 angie opadmin 512 Oct 3 07:23 .
Run /tmp/t and NO file is created since only the owner has write access and the
program runs as cpcahil (who is not the owner).
Run "chmod g+w ." and then re-run /tmp/t and the following file is created
since the user's group does have write access to the current directory:
    drwxr-x--- 1 cpcahil opadmin 0 Oct 3 07:24 testfile.cpc
Note that the file is not owned by the current user (angie) but by the owner
of the program that is setuid.
--
+-----------------------------------------------------------------------+
| Conor P. Cahill uunet!virtech!cpcahil 703-430-9247 !
| Virtual Technologies Inc., P. O. Box 876, Sterling, VA 22170 |
+-----------------------------------------------------------------------+