Unix / Linux: Difference between Real User ID, Effective User ID and Saved User ID


Problem description

I am already aware of real user id. It is the unique number for a user in the system.

In my system, my uid is:

$ echo $UID
1014
$                 

What do the other two IDs stand for?
And what is the use of the effective user id and the saved user id, and where do we use them in the system?

Recommended answer

The distinction between a real and an effective user id is made because you may have the need to temporarily take another user's identity (most of the time, that would be root, but it could be any user). If you only had one user id, then there would be no way of changing back to your original user id afterwards (other than taking your word for granted, and in case you are root, using root's privileges to change to any user).

So, the real user id is who you really are (the one who owns the process), and the effective user id is what the operating system looks at to make a decision whether or not you are allowed to do something (most of the time, there are some exceptions).

When you log in, the login shell sets both the real and effective user id to the same value (your real user id) as supplied by the password file.

Now, it also happens that you execute a setuid program, and besides running as another user (e.g. root) the setuid program is also supposed to do something on your behalf. How does this work?
After executing the setuid program, it will have your real id (since you're the process owner) and the effective user id of the file owner (for example root) since it is setuid.

The program does whatever magic it needs to do with superuser privileges and then wants to do something on your behalf. That means, attempting to do something that you shouldn't be able to do should fail. How does it do that? Well, obviously by changing its effective user id to the real user id!

Now that setuid program has no way of switching back since all the kernel knows is your id and... your id. Bang, you're dead.

This is what the saved set-user id is for.
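
The drop-and-switch-back sequence the answer describes, written out in C as an added example that is not part of the original answer. The `priv_*` helper names are made up for illustration; the example also goes one step further than the answer by showing a permanent drop, after which switching back is no longer possible.

```c
/* Added example: POSIX/XSI calls only; the priv_* names are illustrative. */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <unistd.h>

static uid_t priv_uid; /* euid at startup; exec() also copied it into the saved ID */

void priv_init(void) { priv_uid = geteuid(); }

/* Temporary drop: only the effective UID changes; the saved ID keeps priv_uid. */
int priv_drop_temp(void)
{
    if (seteuid(getuid()) != 0) return -1;
    return geteuid() == getuid() ? 0 : -1;
}

/* Switch back: allowed for a non-root process because priv_uid is the saved ID. */
int priv_regain(void)
{
    if (seteuid(priv_uid) != 0) return -1;
    return geteuid() == priv_uid ? 0 : -1;
}

/* Permanent drop: setreuid() with a real UID also resets the saved ID (Linux). */
int priv_drop_perm(void)
{
    uid_t ruid = getuid();
    if (setreuid(ruid, ruid) != 0) return -1;
    if (ruid != 0 && priv_uid != ruid && seteuid(priv_uid) == 0) return -1;
    return geteuid() == ruid ? 0 : -1;
}

static void show(const char *when)
{
    printf("%-9s ruid=%ld euid=%ld\n", when, (long)getuid(), (long)geteuid());
}

int main(void)
{
    priv_init();
    show("start");
    if (priv_drop_temp() != 0) return 1;   /* from here: acting as the invoking user */
    show("dropped");
    if (priv_regain() != 0) return 1;      /* privileged again via the saved ID */
    show("regained");
    if (priv_drop_perm() != 0) return 1;   /* no way back after this */
    show("final");
    return 0;
}
```

Installed setuid-root and run by the asker's uid 1014, the four lines show the effective UID going 0, 1014, 0, 1014 while the real UID stays 1014 throughout.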
