Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!purdue!bu-cs!encore!pinocchio.encore.com
From: jdarcy@pinocchio.encore.com (Jeff d'Arcy)
Newsgroups: comp.unix.wizards
Subject: Re: Real and effective userids.
Message-ID: <10063@multimax.Encore.COM>
Date: 3 Oct 89 13:33:07 GMT
References: <291@bmers58.UUCP>
Sender: news@Encore.COM
Lines: 19

cpcahil@virtech.UUCP (Conor P. Cahill):
> The real userid is the numerical id of "the user"
> that is running a process, as opposed to "the effective" id of the process
> that is used to determine whether you can open, create, unlink, etc. a file.

davem@bmers58.UUCP (Dave Mielke):
> This is intuitively the way things should work, but when I open a file
> from within a setuid program it appears to enforce the access rights of
> the real userid and not those of the effective userid. Why is this?

The system itself will use the EUID for checking permissions, but that
doesn't mean that all programs make it that easy. Some programs quite
deliberately do things such as set the EUID to be the same as the RUID,
effectively undoing the effect of the SUID bit. This is often done to
close a security hole, and thus there's no really good general solution
that doesn't involve serious changes to the semantics of SUID.

Jeff d'Arcy     jdarcy@encore.com     (508) 460-0500
Encore has provided the medium, but the message remains my own
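
Added example, not part of the original post: a C sketch of the "set the EUID to be the same as the RUID" step the reply describes, with a check that the old effective ids cannot be regained. The function names `is_elevated` and `drop_to_real_ids` are hypothetical, and the saved-id behaviour of `setreuid`/`setregid` is assumed to be that of Linux.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 when the effective ids differ from the real ids, i.e. a set-uid or
 * set-gid bit is currently in effect for this process. */
int is_elevated(void) {
    return getuid() != geteuid() || getgid() != getegid();
}

/* Set the effective ids equal to the real ids and confirm the change
 * cannot be undone. Returns 0 on success, -1 otherwise.
 * Supplementary groups are left alone (assumption: not relevant here). */
int drop_to_real_ids(void) {
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: after the uid drop the process may lack the privilege
     * to change its gid. On Linux these calls also reset the saved ids. */
    if (setregid(rgid, rgid) != 0) return -1;
    if (setreuid(ruid, ruid) != 0) return -1;

    /* Regaining the old effective ids must now fail. */
    if (old_egid != rgid && setegid(old_egid) == 0) return -1;
    if (old_euid != ruid && seteuid(old_euid) == 0) return -1;

    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

int main(void) {
    printf("before: ruid=%ld euid=%ld elevated=%d\n",
           (long)getuid(), (long)geteuid(), is_elevated());
    if (drop_to_real_ids() != 0) {
        fprintf(stderr, "could not drop privileges, refusing to continue\n");
        return 1;
    }
    printf("after:  ruid=%ld euid=%ld elevated=%d\n",
           (long)getuid(), (long)geteuid(), is_elevated());
    return 0;
}
```

After `drop_to_real_ids()` succeeds, every later `open()` is checked against the invoking user's ids, which is the behaviour the question observed.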