进程可以具有的每个不同的UID的目的是什么? [英] What's the purpose of each of the different UIDs a process can have?

问题描述

实际UID，有效UID以及某些系统甚至具有保存的UID".所有这些的目的是什么，尤其是最后一个?

Real UID, effective UID, and some systems even have a "saved UID". What's the purpose of all these, especially the last one?

推荐答案

每个UNIX进程都有3个与之关联的UID.超级用户特权是UID = 0.

Each UNIX process has 3 UIDs associated to it. Superuser privilege is UID=0.

真实UID

这是创建此进程的用户/进程的UID.仅当正在运行的进程的EUID = 0时，才可以更改它.

This is the UID of the user/process that created THIS process. It can be changed only if the running process has EUID=0.

有效UID

此UID用于评估执行特定操作的进程的特权.可以将EUID更改为RUID，如果EUID！= 0，则可以将SUID更改为SUID.如果EUID = 0，则可以将其更改为任何值.

This UID is used to evaluate privileges of the process to perform a particular action. EUID can be changed either to RUID, or SUID if EUID!=0. If EUID=0, it can be changed to anything.

已保存的UID

如果您将set-UID位置1来运行可执行文件，则最终的运行过程将以运行它的真实用户的真实UID以及可执行文件所有者的有效且已保存的UID开始.如果该过程随后调用setuid()或seteuid()来更改其有效UID，则由于保存了UID，它们仍然可以再次取回其原始特权.如果未设置set-UID，则SUID将成为RUID.

If you run an executable with the set-UID bit set, then the resulting running process will start off with a real UID of the real user running it, and an effective and saved UID of the owner of the executable file. If the process then calls setuid() or seteuid() to change their effective UID, they can still get back their original privileges again thanks to the saved UID. If the set-UID bit is not set, SUID will be the RUID.

这篇关于进程可以具有的每个不同的UID的目的是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！