Can someone please explain the set-user-ID mechanism in Unix ? What was the rationale behind this design decision? How is it different from effective user id mechanism ?
How does the set-user-ID mechanism work in Unix
Architecturecommand lineprivilegesprocesssetuid
Best Answer
You might know the normal read, write and execute permissions for files in unix.
However, in many applications, this type of permission structure--e.g. giving a given user either full permission to read a given file, or no permission at all to read the file--is too coarse. For this reason, Unix includes another permission bit, the
set-user-ID
bit. If this bit is set for an executable file, then whenever a user other than the owner executes the file, that user acquires all the file read/write/execute privileges of the owner in accessing any of the owner's other files!To set the set-user-ID bit for a file, type
Make sure that you have set group-other execute permission too; it would be nice to have group-other read permission as well. All of this can be done with the single statement
It is also referred to as Saved UID. A file that is launched that has a Set-UID bit on, the saved UID will be the UID of the owner of the file. Otherwise, saved UID will be the Real UID.
What is effective uid ?
This UID is used to evaluate privileges of the process to perform a particular action. EUID can be changed either to Real UID, or Superuser UID if EUID!=0. If EUID=0, it can be changed to anything.
Example
An example of such program is
passwd
. If you list it in full, you will see that it has Set-UID bit and the owner is "root". When a normal user, say "mtk", runspasswd
, it starts with:Reference link 1
Reference link 2