How do real and effective user IDs work

setuid

When a normal user wants to make change to the passwd file, the user will by setuid be given the effective user access. User becomes root temporarily and can edit passwd.

However you can only edit your password right, and not everybody else? However your effective user access is root. So how come you're not allowed to change other passwords beside yours?

When you run a program with setuid, what does it mean actually when effective user is root, but real user id is still your name?

Best Answer

You can't change other passwords because the program won't allow you to. The program has system permissions to change any password it wants, because it is running as root, but the program has been specifically designed not to give the user any way to get it to use those permissions.

It is not quite that the user becomes root temporarily, it is that the trusted program runs with root permissions. Obviously, only programs that are specifically designed to limit users to doing only what they should be permitted to do can safely be made setuid.

Related Solutions

Understanding Root Owned Programs with Setuid Bit

ping needs root so it can open a socket in raw mode. That's literally the first thing it does when it starts up:

icmp_sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
socket_errno = errno;

That's the only thing it needs root for, so like many programs, it immediately drops its privilege level back to your normal user account:

uid = getuid();
if (setuid(uid)) {
    perror("ping: setuid");
    exit(-1);
}

How does the set-user-ID mechanism work in Unix

You might know the normal read, write and execute permissions for files in unix.

However, in many applications, this type of permission structure--e.g. giving a given user either full permission to read a given file, or no permission at all to read the file--is too coarse. For this reason, Unix includes another permission bit, the set-user-ID bit. If this bit is set for an executable file, then whenever a user other than the owner executes the file, that user acquires all the file read/write/execute privileges of the owner in accessing any of the owner's other files!

To set the set-user-ID bit for a file, type

 chmod u+s filename

Make sure that you have set group-other execute permission too; it would be nice to have group-other read permission as well. All of this can be done with the single statement

 chmod 4755 filename

It is also referred to as Saved UID. A file that is launched that has a Set-UID bit on, the saved UID will be the UID of the owner of the file. Otherwise, saved UID will be the Real UID.

What is effective uid ?

This UID is used to evaluate privileges of the process to perform a particular action. EUID can be changed either to Real UID, or Superuser UID if EUID!=0. If EUID=0, it can be changed to anything.

Example

An example of such program is passwd. If you list it in full, you will see that it has Set-UID bit and the owner is "root". When a normal user, say "mtk", runs passwd, it starts with:

Real-UID = mtk  
Effective-UID = mtk  
Saved-UID = root

Reference link 1
Reference link 2