0

From APUE

  1. If the process has superuser privileges, the setuid function sets the real user ID, effective user ID, and saved set-user-ID to uid.
  2. If the process does not have superuser privileges, but uid equals either the real user ID or the saved set-user-ID, setuid sets only the effective user ID to uid. The real user ID and the saved set-user-ID are not changed.
  3. If neither of these two conditions is true, errno is set to EPERM and −1 is returned.

What does "a process have superuser privileges" mean?

Does it mean the real user of the process have ID 0 i.e. being root?

Does it mean the effective user of the process have ID 0 i.e. being root?

Thanks.

Improve this question

1 Answer 1

Reset to default
3

In POSIX, a process has superuser privileges if its effective user id is 0.

(Some Unix-style systems have different mechanisms; for example, on Linux, the default access-control system also considers capabilities, and you can create a setuid binary which will run with a root effective user but have no capabilities and hence be powerless. See the setuid manpage.)

APUE is describing the specified behaviour of setuid. The context is given in the way user ids are set up by exec: if an executable has the setuid bit set, and its file system is mounted without disabling setuid, running it with exec results in a process whose effective user is the owner of the file, and whose real and saved user is the calling user.

If setuid is called with an effective root user, it replaces all the user ids; otherwise it only replaces the effective id. This ends up being confusing... The reason for this behaviour is given in the rationale of the POSIX spec: login and su need to be able to change user ids in an irrevocable fashion, and the only way to do that is to replace all the ids.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.