实际用户ID，有效用户ID和保存的用户ID之间的区别 [英] Difference between Real User ID, Effective User ID and Saved User ID

问题描述

我已经知道真正的用户ID。它是在系统中的用户的唯一的编号。在我的系统，我的uid是

I am already aware of real user id. It is the unique number for a user in the system. In my system, My uid is

$ echo $UID
1014
$                 

什么是其他两个ID的立场进行。什么是使用有效用户ID和保存的用户ID和我们使用它的系统。

What are the other two ID's stands for. And what is the use of effective user id and saved user id and where we use it in the system.

推荐答案

真实和有效的用户id作出，因为你可能有必要暂时采取其他用户的身份（大部分时间之间的区别，这将是根，但它可以是任何用户）。如果你只有一个用户ID，那么就没有后来变回原来的用户ID（而不是把你的话是理所当然的，并且如果你是根，使用的根权限更改为任何用户）。

The distinction between a real and an effective user id is made because you may have the need to temporarily take another user's identity (most of the time, that would be root, but it could be any user). If you only had one user id, then there would be no way of changing back to your original user id afterwards (other than taking your word for granted, and in case you are root, using root's privileges to change to any user).

那么，真正的用户ID是你到底是谁（谁拥有的过程中一），有效用户ID是操作系统的外观以使你是否被允许做一些事情的决定（最的时候，也有一些例外）。

So, the real user id is who you really are (the one who owns the process), and the effective user id is what the operating system looks at to make a decision whether or not you are allowed to do something (most of the time, there are some exceptions).

当您登录时，由密码文件提供。登录shell套均真实有效的用户ID相同的值（你的真实用户ID）

When you log in, the login shell sets both the real and effective user id to the same value (your real user id) as supplied by the password file.

现在，它也恰好你执行一个setuid程序，而除了运行的其他用户（如根）的setuid程序是也的应该做的事代为通知。这是如何工作的？结果
执行setuid程序后，将有你的真实身份（因为你进程所有者）和文件所有者的有效用户ID（例如根），因为它为setuid。

Now, it also happens that you execute a setuid program, and besides running as another user (e.g. root) the setuid program is also supposed to do something on your behalf. How does this work?
After executing the setuid program, it will have your real id (since you're the process owner) and the effective user id of the file owner (for example root) since it is setuid.

程序没有什么神奇的，它需要具有超级用户权限去做，然​​后想做点事代为通知。这意味着，试图做一些事情，你不应该是能够做到的应该失败的。它是如何做到的？嗯，很明显，通过改变其有效用户ID为真实用户ID！

The program does whatever magic it needs to do with superuser privileges and then wants to do something on your behalf. That means, attempting to do something that you shouldn't be able to do should fail. How does it do that? Well, obviously by changing its effective user id to the real user id!

现在的setuid程序没有的，因为所有的内核知道切换回的方式是你的ID和...的您的ID 的。砰的一声，你就死定了。

Now that setuid program has no way of switching back since all the kernel knows is your id and... your id. Bang, you're dead.

这是保存设置的用户ID是什么。

This is what the saved set-user id is for.

这篇关于实际用户ID，有效用户ID和保存的用户ID之间的区别的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！