The real and effective user IDs can be changed under the correct conditions. These UNIX functions are strictly controlled because they change the accountability and the access of the calling process involved.
The setuid(2) function permits the real user ID to be changed; seteuid(2) allows the effective user ID to be altered. The function synopsis for both is as follows:

```c
#include <sys/types.h>
#include <unistd.h>

int setuid(uid_t uid);
int seteuid(uid_t euid);
```
These functions return 0 when successful and -1 if they fail, in which case errno is set (EPERM or EINVAL can be returned).
Note
EPERM (Operation Not Permitted): this error states that the function requested an operation that the calling process is not permitted to perform.
Table 12.1 summarizes how the setuid(2) function affects the various user ID values that the kernel maintains for the process. Note that a non-root process can change only the effective user ID of the current process.
| User ID   | As root | As non-root |
|-----------|---------|-------------|
| Real      | Set     | Unchanged   |
| Effective | Set     | Set         |
| Saved     | Set     | Unchanged   |
Table 12.2 summarizes the ways that executing a new program affects the user ID values. Notice that the real user ID is never changed by executing a new program. The effective user ID is changed by execve(2) only when the executable has the set-uid bit enabled. The saved user ID is always set to the effective user ID that is in effect once the new program starts.
| User ID   | No set-uid Bit | With set-uid Bit         |
|-----------|----------------|--------------------------|
| Real      | Unchanged      | Unchanged                |
| Effective | Unchanged      | Owner of executable file |
| Saved     | Effective      | Effective                |
Note
Group ID values function in the same manner as the user ID values shown in Tables 12.1 and 12.2.
The one difference is that when execve(2) starts an executable with the set-gid bit on, the effective group ID comes from the group owner of the file rather than from its user owner.
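As an added example (not code from the book), the following C program exercises the two calls summarized in Tables 12.1 and 12.2: it drops privilege temporarily with seteuid(2), then permanently with setuid(2), verifies the result by reading the IDs back instead of trusting the return value, and shows the EPERM failure when an unprivileged process tries to raise its effective user ID. The function names and printed labels are my own.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* seteuid(2): change only the effective user ID (Table 12.1, Effective row).
   Returns 0 on success, otherwise the errno value (EPERM or EINVAL). */
int change_effective_uid(uid_t euid) {
    if (seteuid(euid) == -1)
        return errno;
    return 0;
}

/* setuid(2): as root this sets real, effective AND saved IDs, so the drop is
   permanent; as non-root only the effective ID changes. Returns 0 when the
   call succeeds and both readable IDs verify as `uid`, the errno value if the
   call fails, and -1 if the IDs did not change as expected. */
int drop_privileges_permanently(uid_t uid) {
    if (setuid(uid) == -1)
        return errno;
    if (getuid() != uid || geteuid() != uid)
        return -1;
    return 0;
}
/* The saved ID has no POSIX getter (Linux exposes it via getresuid(2)),
   so only the real/effective pair is printed. */
static void show(const char *label) {
    printf("%-14s real=%u effective=%u\n", label,
           (unsigned)getuid(), (unsigned)geteuid());
}
int main(void) {
    uid_t real = getuid();
    show("start");
    /* Temporary drop: only the effective ID moves to the real ID. */
    int rc = change_effective_uid(real);
    printf("seteuid(%u): %s\n", (unsigned)real, rc ? strerror(rc) : "ok");
    show("after seteuid");
    /* Permanent drop: the saved ID is overwritten too, so a formerly
       set-uid process cannot later seteuid() back to its owner's ID. */
    rc = drop_privileges_permanently(real);
    printf("setuid(%u): %s\n", (unsigned)real,
           rc == 0 ? "ok" : rc > 0 ? strerror(rc) : "ids mismatch");
    show("after setuid");
    /* Unprivileged: raising the effective ID to 0 fails with EPERM. */
    rc = change_effective_uid(0);
    printf("seteuid(0): %s\n", rc ? strerror(rc) : "ok (process was privileged)");
    return 0;
}
```

Run it once as an ordinary user and once from a set-uid root copy to watch the root and non-root columns of Table 12.1 play out.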