Effective UID is the one used for permission checks. The whole thing is a bit tricky: Linux supports both a Real UID and a Saved UID (actually, same with HP/UX and others unices). The point is that you cant just change to any EUID. Here are the rules:
- Changing to SUID or RUID is always ok
- If you are root (UID 0), you can change to any UID. This will set both EUID, RUID and SUID.
so is changing from root to any other UID)
- RUID is set to according to your login.
- EUID is different from RUID only when running Set UID programs, like su
The point is that a Set UID program can switch between the UID of the user who invoked it, and the owner of the executable.
A good description can be found in the info manual that comes with glibc (see process persona section)
|