Skip to main content
Welcome guest. | Register | Login | Post

What's the diference between an effective UID/GID and a real UID/GID?

4 replies [Last post]
whisper's picture
Offline
Joined: 2006-09-06

What's the diference between an effective UID/GID and a real UID/GID?
I usually see this kind of distinction on several command manpages. What's the diference?

Thank You Smiling

whisper's picture
Offline
Joined: 2006-09-06
Nobody knows...

Nobody knows... Shocked

dylunio's picture
Offline
Joined: 2005-12-20
From

From http://en.wikipedia.org/wiki/Group_identifier_%28Unix%29:

Quote:

Unix processes have both an effective (EGID) and a real (PGID) group ID. Normally these are identical, but in setgid process they are different. This is so the setgid process can perform privileged functions using the privileged group, yet easily revert to the non-privileged group when necessary. This is to prevent the calling user from manipulating the process to gain unauthorized access to the privileged group.

TBH I don't really know what this means, but it may help you.

btw, there was only 2 hours between your too posts, please be patient! maybe others who are currently asleep or at work will be able to reply once they wake or come home from work...

dylunio

whisper's picture
Offline
Joined: 2006-09-06
Thank you for helping. I'll

Thank you for helping. I'll be more patient next time Smiling

whisper's picture
Offline
Joined: 2006-09-06
I think that it means that

I think that it means that when you execute a program with the setuid/setgid bit enabled, you will be starting a process with a diferent GID/UID from your original UID/GID. For example the mount command can only run in superuser mode, so in order for a regular user to execute it whithout any problems, the setuid permission bit must be set, then when you execute a mount command you'll be running the process with a effective UID/GID of 0 (root) being your real GID/UID the one you allways have before you execute any setuid enabled command.
By the way, in order for a process to run with a root UID/GID the only user who can give the setuid/setgid permission bits is (obviously Smiling) the root user himself. one example: chmod u+s file (for setting the setuid bit), and chmod g+s file (for setting the setgid bit). Someone correct me if I'm wrong.

Thank you for enlighting me Smiling

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.