Inspired by one of the previously answered questions, I tried executing a program by a user who was not its owner — and the process's RUID and EUID remained the same. (Unless I read the answer wrong and that's not how you can achieve the difference.)
Then I tried opening a program as another user via sudo — and still nothing.
I've scanned through all already-existing processes (I think) via ps axo euid,ruid,comm -e g, and none of them had different RUIDs and EUIDs.
How can I achieve (or find the processes with) the difference? Some specific commands would help, because I could have possibly made some mistakes in some steps.
Best Answer
Invoking an executable that you don't own is nothing remarkable. Most executables on the system belong to root, and running them does not give the user any extra privileges.
It's only setuid executables that start with the effective UID set to the owner of the executable while the real UID remains the real UID of the invoking process.
sudo is setuid root, so it runs with the effective UID 0 and your real UID. But when it invokes another command, it sets both the effective UID and the real UID to the target user. You'd have to catch sudo itself in order to observe an EUID that differs from the RUID. This will be too quick to see unless sudo prompts you for a password.
You can easily observe the differing UIDs by running the passwd command as a non-root user. While the prompt is being displayed, run ps in another terminal:
To find all running processes with differing EUID and RUID, you can use
It's normal not to find any; most setuid processes are short-lived.
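An added example, not part of the original answer: one way to list processes whose real and effective UIDs differ, assuming a Linux /proc filesystem where the `Uid:` line of `/proc/<pid>/status` holds the real, effective, saved and filesystem UIDs in that order. The function names `uid_mismatch` and `scan_procs` are hypothetical, and the check goes slightly beyond the answer by also flagging a saved set-user-ID that differs from the effective UID.

```shell
#!/bin/sh
# Audit helper: report processes whose real, effective and saved UIDs are
# not all equal, which is what a running setuid program looks like.

# uid_mismatch FILE
#   FILE is a /proc/<pid>/status file (or a copy of one).
#   Prints "pid ruid=.. euid=.. suid=.. name" and returns 0 when the UIDs
#   differ; prints nothing and returns non-zero otherwise.
uid_mismatch() {
    awk '
        $1 == "Name:" { sub(/^Name:[ \t]*/, ""); name = $0; next }
        $1 == "Pid:"  { pid = $2; next }
        $1 == "Uid:"  { r = $2; e = $3; s = $4; seen = 1; next }
        END {
            if (seen && (r != e || e != s)) {
                printf "%s ruid=%s euid=%s suid=%s %s\n", pid, r, e, s, name
                exit 0
            }
            exit 1
        }' "$1" 2>/dev/null
}

# scan_procs
#   Walks every numeric /proc entry. A process may exit between the glob
#   and the read, so failures on individual files are ignored.
scan_procs() {
    for f in /proc/[0-9]*/status; do
        uid_mismatch "$f" || :
    done
}

# Run the scan only when asked, so the file can also be sourced.
if [ "${1:-}" = "scan" ]; then
    scan_procs
fi
```

Run it with the argument `scan` while a setuid program such as passwd is waiting at its prompt in another terminal; an empty result is expected on an otherwise idle system.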