As far as I understood the different user IDs are as follows (from the perspective of a process):
- real user ID: the user ID that owns the process
- effective user ID: the user ID which determines what is currently allowed to do and not allowed to do
- saved user ID: basically the original effective user ID to be able to return to the original effective user ID when necessary
Now I have two questions:
-
Wouldn't saving the effective user ID in a variable at the beginning of the program make the saved user ID unnecessary?
-
How can I retrieve the saved user ID in a C program ? I was not able to find any functions doing that.
Best Answer
It's not a question of what the userspace program remembers, but what rights the kernel lets it use. For the separation between users to work, it has to be system that controls what user IDs a process can use. Otherwise any process could just ask to become root.
With standard functions you can't (there's only
getuid()
andgeteuid()
). At least Linux hasgetresuid()
that return all three user IDs, though.Anyway, usually you wouldn't need to read it. It's there to allow switching between the real user ID, and the effective user ID in case of a setuid program, so it starts as a copy of the effective user ID.
In a setuid program, the real user ID is that of the user running it, and the effective and saved user IDs are those of the user owning the program. The effective user ID is the one that matters for privilege checks, so if the process wants to temporarily drop privileges, it changes the effective user ID between the real and the saved user IDs.
Yes. The Linux man page for
setuid()
mentions this, but it's somewhat hidden:In other words, you can only set (the effective) user ID to one of the real or saved IDs.
The man page for
setreuid()
is clearer on that: