How does UNIX set the user ID bit?


In Linux, each process carries several user IDs. How do these user IDs decide whether a process may access a file? This article takes UNIX as an example and briefly introduces how the set-user-ID bit is set and what it does.

The stat function is used to obtain file status information. Its prototype is:

int stat(const char *path, struct stat *buf);

The struct stat structure is:

struct stat {
    dev_t     st_dev;     /* ID of device containing file */
    ino_t     st_ino;     /* inode number */
    mode_t    st_mode;    /* protection */
    nlink_t   st_nlink;   /* number of hard links */
    uid_t     st_uid;     /* user ID of owner */
    gid_t     st_gid;     /* group ID of owner */
    dev_t     st_rdev;    /* device ID (if special file) */
    off_t     st_size;    /* total size, in bytes */
    blksize_t st_blksize; /* blocksize for file system I/O */
    blkcnt_t  st_blocks;  /* number of 512B blocks allocated */
    time_t    st_atime;   /* time of last access */
    time_t    st_mtime;   /* time of last modification */
    time_t    st_ctime;   /* time of last status change */
};

The buf parameter is filled in by stat(): st_uid holds the user ID of the file's owner, and st_gid holds the group ID of the file's owner.

A UNIX process also carries several kinds of ID: the real user ID, the real group ID, the effective user ID, the effective group ID, and so on. When a process is started, its effective user ID is normally the same as its real user ID (for example, when I log in as the user eric, the effective user ID of my processes is eric's ID). However, when the program file's "set-user-ID bit" is turned on, the effective user ID of the process becomes the ID of the owner of that program file.

$ ls -l 1.txt
-rw------- 1 root root 16 April 29 14:31 1.txt

In the current directory there is a file "1.txt" whose owner is root, and only root has read and write permission on it.

#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>

int main(void)
{
    int fd;
    if ((fd = open("1.txt", O_RDONLY)) == -1)
    {
        printf("Open failed.\n");
        exit(-1);
    }
    char buf[1024] = {0};
    ssize_t n = read(fd, buf, sizeof(buf) - 1); /* leave room for the terminator */
    if (n < 0)
        n = 0;
    buf[n] = '\0';
    printf("%s\n", buf); /* fixed format string: never pass file data as the format */
    close(fd);
    return 0;
}

First I use the su command in the terminal to switch to the root user and compile with gcc read.c -omain to get the main program.

# gcc read.c -omain
# exit
exit
$ main
Open failed.

Obviously the owner of main is root, yet the main program still cannot open "1.txt". This is because after main starts, the effective user ID of the process is its real user ID (that is, the ID of the eric account), and "1.txt" grants read and write access only to root, so open fails.

To turn on the set-user-ID bit of main, use the shell command: chmod u+s main

The same can be done from a C program; the main code is as follows:

#include <sys/stat.h>
int main(void)
{
    struct stat buf = {0};
    stat("main", &buf);          /* read the current mode bits of main */
    buf.st_mode |= S_ISUID;      /* add the set-user-ID bit */
    chmod("main", buf.st_mode);  /* write the mode back */
}

After this runs, the "set-user-ID bit" of main is turned on. Running main from a non-root terminal now succeeds in reading the contents of 1.txt:

$ main
linuxidc.com

The permission design of Linux is quite reasonable. Although the main program can run with the privileges of its owner (root), this requires the root user to authorize it by turning on the program file's "set uid bit" (set-user-ID bit). Root must take into account the risk of the program before turning this bit on, and of course such authorization should be granted cautiously.

The above is how UNIX sets the user ID bit. This article used the set-user-ID bit as an example of how file permissions are set and checked.

Copyright © Windows knowledge All Rights Reserved