Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!wuarchive!gem.mps.ohio-state.edu!ginosko!uunet!virtech!cpcahil
From: cpcahil@virtech.UUCP (Conor P. Cahill)
Newsgroups: comp.unix.wizards
Subject: Re: Real and effective userids.
Summary: no it doesn't.
Message-ID: <1223@virtech.UUCP>
Date: 3 Oct 89 11:33:29 GMT
References: <288@bmers58.UUCP> <2204@hydra.gatech.EDU> <1219@virtech.UUCP> <291@bmers58.UUCP>
Organization: Virtual Technologies Inc
Lines: 43

In article <291@bmers58.UUCP>, davem@bmers58.UUCP (Dave Mielke) writes:
> In article <1219@virtech.UUCP> cpcahil@virtech.UUCP (Conor P. Cahill) writes:
> >The real userid is the numerical id of "the user"
> >that is running a process, as opposed to "the effective" id of the process
> >that is used to determine whether you can open, create, unlink, etc. a file.
> 
> This is intuitively the way things should work, but when I open a file
> from within a setuid program it appears to enforce the access rights of
> the real userid and not those of the effective userid. Why is this?

You didn't post your program, so I can't tell you what is happening, but
using the following code:

	main()
	{
		close(creat("testfile.cpc",0777));
	}

compiling the program, changing the mode to 4755,

	-rwsr-xr-x  1 cpcahil  opadmin     5281 Oct  3 07:20 /tmp/t

log in as user angie with home directory mode:

	drwxr-x---  7 angie    opadmin      512 Oct  3 07:23 .

Run /tmp/t and NO file is created, since only the owner has write access
and the program runs as cpcahil (who is not the owner).

Run "chmod g+w ." and then re-run /tmp/t, and the following file is
created, since the user's group does have write access to the current
directory:

	drwxr-x---  1 cpcahil  opadmin        0 Oct  3 07:24 testfile.cpc

Note that the file is not owned by the current user (angie) but by the
owner of the program that is setuid.

-- 
+-----------------------------------------------------------------------+
| Conor P. Cahill     uunet!virtech!cpcahil      703-430-9247   !
| Virtual Technologies Inc.,    P. O. Box 876,   Sterling, VA 22170     |
+-----------------------------------------------------------------------+
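A worked version of the experiment above, added here as an example (it is not code from Conor Cahill's post). It prints the real and effective uid, creates a file the way the post's /tmp/t does, and reports which uid owns the result. It also separates the two checks that are easy to confuse: open(2)/creat(2) test permissions against the effective uid, while access(2) deliberately tests against the real uid so a setuid program can ask "could the invoking user do this?", which is one common reason a setuid program appears to be "enforcing the real userid". The file name and the helper function names are assumptions for the illustration; run it unprivileged and the two checks agree, chmod it 4755 and run it as another user and they diverge exactly as the post describes.

```c
/* Added example, not from the original post.  Demonstrates which uid the
 * kernel uses for permission checks and for ownership of a new file when
 * the binary is setuid.  Compile, "chmod 4755" it as one user, run it from
 * another user's directory, as the post does.  Without setuid it still
 * runs and simply shows real uid == effective uid. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Create `path` the way the post's program does (creat with mode 0777,
 * filtered by umask) and return the uid that owns the new file, or -1 on
 * failure.  Both the write check on the containing directory and the
 * ownership of the new inode follow the *effective* uid. */
int create_and_get_owner(const char *path)
{
    struct stat st;
    int fd = creat(path, 0777);
    if (fd < 0)
        return -1;          /* e.g. EACCES: the effective uid may not write here */
    close(fd);
    if (stat(path, &st) < 0)
        return -1;
    return (int)st.st_uid;
}

/* access(2) is the odd one out: by design it checks against the *real*
 * uid/gid.  Returns 1 if the invoking user could write `path`, else 0. */
int real_user_may_write(const char *path)
{
    return access(path, W_OK) == 0;
}

/* open(2) checks against the *effective* uid.  Returns 1 if the process,
 * with its current effective credentials, can open `path` for writing. */
int effective_user_may_write(const char *path)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0)
        return 0;
    close(fd);
    return 1;
}

int main(void)
{
    /* Assumed file name, created in the current directory like the post's
     * testfile.cpc. */
    const char *path = "testfile.cpc";

    printf("real uid = %d, effective uid = %d\n",
           (int)getuid(), (int)geteuid());

    int owner = create_and_get_owner(path);
    if (owner < 0)
        printf("creat(%s) failed: %s (checked against the effective uid)\n",
               path, strerror(errno));
    else
        printf("%s created, owner uid = %d (the effective uid)\n", path, owner);

    printf("access(W_OK)   [real uid]:      %s\n",
           real_user_may_write(path) ? "yes" : "no");
    printf("open(O_WRONLY) [effective uid]: %s\n",
           effective_user_may_write(path) ? "yes" : "no");

    unlink(path);
    return 0;
}
```

Run as the same user who owns the binary and both checks print "yes"; run the setuid copy from a directory the invoking user can write but the binary's owner cannot, and creat() fails while access() still reports "yes", which is the situation the quoted question is worried about.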