[SOLVED] Why the EUID of a setuid program is not 0?
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
1. I created a script named 'testfile' under the root account and set the permission to be "4755". The code contained in the script is shown below:
Code:
echo $UID
echo $EUID
Then, I switched to my normal user account, say 'glen', and ran that script 'testfile'. What baffled me was that the output was
Code:
1000
1000
Shouldn't it be
Code:
1000
0
as I was running this script under root privilege?
2. Since we are on this topic, hope you guys can also answer me another question related to this.
When I wrote the code above, I first tried to output the uid and euid by calling the function getuid() and geteuid(), which, according the to manual page, return the real user id and effective user id respectively, but the problem was that it didn't work, and nor did it work when I keyed in the command 'getuid' on the terminal directly. It output an error saying that the command 'getuid' was not found. WHY?
In case it matters, my distribution is Ubuntu 14.04
Hope you guys can help me out here, thanks in advance!
...as root.
^Note that I run this under OS X, hence 501 as regular user.
But to answer your other question. If you invoke your script as non-root, you will always get a different value than 0. It works as expected.
And here is a thread on the difference between UID and EUID: http://www.linuxquestions.org/questi...nd-euid-75124/
getuid() and geteuid() are system calls that can be made from a compiled program, not from a script. In a shell script, UID and EUID serve the same purpose.
Just to clarify, UID and EUID would be exactly the same if I am running a shell script whose setuid bit is on, but if it is for a compiled program (Does this term exclusively refer to binary file?) and this compiled program has its setuid bit turned on, then I would have the UID reading my UID and EUID reading the root's(i.e. 0). Am I right?
Just to clarify, UID and EUID would be exactly the same if I am running a shell script whose setuid bit is on, but if it is for a compiled program (Does this term exclusively refer to binary file?) and this compiled program has its setuid bit turned on, then I would have the UID reading my UID and EUID reading the root's(i.e. 0). Am I right?
Only if the ownership of the binary is root.
The setuid bit only flags that the EUID should set to the owner of the binary, and that owner can be set to any UID by root - otherwise it is owned by the creator.
That is why it is considered a security issue. Some places do not want users to be able to give away access to their login - thus having user writable filesystems mounted as "nosuid", prevents users from creating a setuid binary and allowing other users access it (the setuid bit is not honored when the filesystem the binary is on is mounted "nosuid").
Note: it is rather difficult to get a setuid binary secure. There are a LOT of things you must not do - buffer overruns, some system calls (system, popen ...) can be coerced to give away inappropriate access. Also note: the real UID also give the binary access to the users files as well...
The setuid bit only flags that the EUID should set to the owner of the binary, and that owner can be set to any UID by root - otherwise it is owned by the creator.
That is why it is considered a security issue. Some places do not want users to be able to give away access to their login - thus having user writable filesystems mounted as "nosuid", prevents users from creating a setuid binary and allowing other users access it (the setuid bit is not honored when the filesystem the binary is on is mounted "nosuid")
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.