Access rights for suid programs. - (nf)
Guy Harris
guy at rlgvax.UUCP
Wed Dec 21 17:38:52 AEST 1983
Note 1: The effective UID is what is used both as the user ID to determine
permissions (including super-user privileges) and as the user ID which will
own all files created by the process. The real UID is used only for:

    1) kernel accounting
    2) dropping cores; if real UID != effective UID, no "core" file
       is created if the process gets a signal that would normally
       cause a "core" file to be written
    3) various other UNIX-version dependent things

Note 2: System V provides much of what is needed. The rules are:

    You (i.e., any program, whether it has super-user privileges or
    not) may set your effective uid to any non-superuser ID that is
    either:
        your real uid
    or:
        the uid your program was originally set-UID to

This does NOT set the real UID, only the effective UID. In effect, you can
switch back and forth between having the privileges of (and creating files
owned by) the original user and having the privileges of the set-UID user.

    Only the superuser can set the real uid.

This is not documented; after all, if all the useful features were
documented, would it be UNIX? It is, however, closer to the right way
to do it than the old way, as it permits a program to alternate between
using the privileges of the "real" and "set-UID" UID.

Guy Harris
{seismo,ihnp4,allegra}!rlgvax!guy
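
The switching described in Note 2, as an added example that is not part of the original post: it uses the POSIX seteuid() call and saved set-user-ID, which is assumed here as the present-day form of the System V rule. The function names (may_set_euid, run_as_real_user, record_euid, demo_roundtrip) are hypothetical, and every switch is checked so that work never continues under the wrong identity.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for seteuid() under strict -std= modes */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* The rule as the post states it: the effective UID may be set to a
 * non-superuser ID that is the real UID or the original set-UID owner. */
int may_set_euid(uid_t real, uid_t setuid_owner, uid_t target)
{
    return target != 0 && (target == real || target == setuid_owner);
}

/* Run fn with the invoking user's privileges, then switch back to the
 * set-UID identity. Returns fn's result, or -1 if either switch failed. */
int run_as_real_user(int (*fn)(void *), void *arg)
{
    uid_t owner = geteuid();    /* identity the program was set-UID to */
    uid_t invoker = getuid();   /* real UID: the user who ran the program */
    int rc;
    if (seteuid(invoker) != 0 || geteuid() != invoker)
        return -1;              /* never continue after a failed drop */
    rc = fn(arg);
    if (seteuid(owner) != 0 || geteuid() != owner)
        return -1;              /* could not regain; caller must stop */
    return rc;
}

/* Hypothetical unit of work: records the effective UID it ran under. */
static int record_euid(void *out)
{
    *(uid_t *)out = geteuid();
    return 0;
}

/* Returns 1 if the work ran as the real UID and the effective UID was restored. */
int demo_roundtrip(void)
{
    uid_t before = geteuid(), seen = (uid_t)-1;
    if (run_as_real_user(record_euid, &seen) != 0)
        return 0;
    return seen == getuid() && geteuid() == before;
}

int main(void)
{
    printf("real=%ld effective=%ld ok=%d\n", (long)getuid(), (long)geteuid(), demo_roundtrip());
    return 0;
}
```

Run from an ordinary shell the real and effective UIDs are equal and the round trip is a no-op; installed set-UID to a non-root owner, the recorded UID is the invoker's and the owner's identity is restored afterwards.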