setuid和seteuid函数之间的区别 [英] Difference between setuid and seteuid function

问题描述

    #include<stdio.h>
    #include<sys/types.h>
    #include<unistd.h>
    void main()
    {
        printf("Real user id = %d, Effective User id = %d\n",getuid(),geteuid());
        setuid(1000);
        printf("Real user id = %d, Effective User id = %d\n",getuid(),geteuid());
        setuid(1014);
        printf("Real user id = %d, Effective User id = %d\n",getuid(),geteuid());
    }

输出:

    guest $ ./a.out 
    Real user id = 1000, Effective User id = 1014
    Real user id = 1000, Effective User id = 1000
    Real user id = 1000, Effective User id = 1014
    guest $

程序2:带有seteuid()的示例

    #include<stdio.h>
    #include<sys/types.h>
    #include<unistd.h>
    void main()
    {
        printf("Real user id = %d, Effective User id = %d\n",getuid(),geteuid());
        seteuid(1000);
        printf("Real user id = %d, Effective User id = %d\n",getuid(),geteuid());
        seteuid(1014);
        printf("Real user id = %d, Effective User id = %d\n",getuid(),geteuid());
    }

输出:

    guest $ ./a.out 
    Real user id = 1000, Effective User id = 1014
    Real user id = 1000, Effective User id = 1000
    Real user id = 1000, Effective User id = 1014
    guest $

两个程序都提供相同的输出.那么，这两个功能有什么区别?根据参考(手册页)，这两个功能均用于设置过程的有效用户ID.这两个程序之间的功能有何不同?

Both programs give the same output. So, what is the difference between these two functions? As per the reference (man page), both functions are used to set the effective user ID of the process. Where does the functionality differ between these two programs?

推荐答案

文档非常清楚区别:

如果用户是root或程序是set-user-ID-root，则必须格外小心. setuid()函数检查调用方的有效用户ID，如果它是超级用户，则所有与进程相关的用户ID均设置为uid.发生这种情况后，该程序将无法重新获得root特权.

If the user is root or the program is set-user-ID-root, special care must be taken. The setuid() function checks the effective user ID of the caller and if it is the superuser, all process-related user ID's are set to uid. After this has occurred, it is impossible for the program to regain root privileges.

因此，一个希望临时删除root特权，假定无特权用户的身份，然后再获取root特权的set-user-ID-root程序不能使用 setuid().您可以使用 seteuid 完成此操作.

Thus, a set-user-ID-root program wishing to temporarily drop root privileges, assume the identity of an unprivileged user, and then regain root privileges afterward cannot use setuid(). You can accomplish this with seteuid.

这篇关于setuid和seteuid函数之间的区别的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！