Difference between Real User ID, Effective User ID and Saved User ID


Question

I am already aware of the real user id. It is the unique number for a user in the system.

On my system, my uid is

$ echo $UID
1014
$

What do the other two IDs stand for?

And what is the use of effective user id and saved user id and where do we use them in the system?

Recommended answer

The distinction between a real and an effective user id is made because you may have the need to temporarily take another user's identity (most of the time, that would be root, but it could be any user). If you only had one user id, then there would be no way of changing back to your original user id afterwards (other than taking your word for granted, and in case you are root, using root's privileges to change to any user).

So, the real user id is who you really are (the one who owns the process), and the effective user id is what the operating system looks at to make a decision whether or not you are allowed to do something (most of the time, there are some exceptions).

When you log in, the login shell sets both the real and effective user id to the same value (your real user id) as supplied by the password file.

Now, it also happens that you execute a setuid program, and besides running as another user (e.g. root) the setuid program is also supposed to do something on your behalf. How does this work?
After executing the setuid program, it will have your real id (since you're the process owner) and the effective user id of the file owner (for example root) since it is setuid.

The program does whatever magic it needs to do with superuser privileges and then wants to do something on your behalf. That means, attempting to do something that you shouldn't be able to do should fail. How does it do that? Well, obviously by changing its effective user id to the real user id!

Now that setuid program has no way of switching back since all the kernel knows is your id and... your id. Bang, you're dead.

This is what the saved set-user id is for.
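
The temporary drop and regain described in the answer, as an added C example that is not part of the original answer. The helper names `ids_capture` and `open_as_invoker` are hypothetical, and the code assumes a POSIX system that provides `seteuid()`.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Helper names below are hypothetical, chosen for this illustration. */
struct ids {
    uid_t real;        /* who started the process */
    uid_t privileged;  /* effective UID at startup == saved set-user-ID */
};

/* Call before any seteuid(): at exec the kernel copies the effective UID
 * into the saved set-user-ID, so geteuid() here is also the saved ID. */
static struct ids ids_capture(void)
{
    struct ids id = { getuid(), geteuid() };
    return id;
}

/* Open `path` with the invoking user's permissions, then take the file
 * owner's identity back. Returns a file descriptor, or -1 on failure. */
static int open_as_invoker(const struct ids *id, const char *path, int flags)
{
    int fd, saved_errno;

    /* Temporary drop: effective := real. The saved ID is left untouched. */
    if (seteuid(id->real) != 0 || geteuid() != id->real)
        return -1;                     /* never continue with privileges held */

    fd = open(path, flags);            /* kernel checks the *effective* UID */
    saved_errno = errno;

    /* Regain: allowed for a non-root caller only because the target
     * matches the saved set-user-ID. */
    if (seteuid(id->privileged) != 0) {
        if (fd >= 0) close(fd);
        return -1;
    }
    errno = saved_errno;
    return fd;
}

int main(int argc, char **argv)
{
    struct ids id = ids_capture();
    int fd = open_as_invoker(&id, argc > 1 ? argv[1] : "/dev/null", O_RDONLY);

    printf("real=%ld effective=%ld fd=%d\n",
           (long)getuid(), (long)geteuid(), fd);
    if (fd >= 0) close(fd);
    return fd >= 0 ? 0 : 1;
}
```

Run without the setuid bit, all three IDs are equal and both `seteuid()` calls change nothing; installed setuid, the `open()` between them is checked against the invoking user.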
