pavement

Setuid

From FreeBSDwiki
Jump to: navigation, search

setuid (and its fellow commands setgid and seteuid) are all system calls that a program can use to change its user ID, group ID and effective user ID (respectively.)

From the man page for setuid:

    The setuid() system call sets the real and effective user IDs and the
    saved set-user-ID of the current process to the specified value.  The
    setuid() system call is permitted if the specified ID is equal to the
    real user ID or the effective user ID of the process, or if the effective
    user ID is that of the super user.

    The setgid() system call sets the real and effective group IDs and the
    saved set-group-ID of the current process to the specified value.  The
    setgid() system call is permitted if the specified ID is equal to the
    real group ID or the effective group ID of the process, or if the effec-
    tive user ID is that of the super user.

    The seteuid() system call (setegid()) sets the effective user ID (group
    ID) of the current process.  The effective user ID may be set to the
    value of the real user ID or the saved set-user-ID (see intro(2) and
    execve(2)); in this way, the effective user ID of a set-user-ID exe-
    cutable may be toggled by switching to the real user ID, then re-enabled
    by reverting to the set-user-ID value.  Similarly, the effective group ID
    may be set to the value of the real group ID or the saved set-group-ID.

See also http://setuid.org/

Personal tools