Chapter 9: Process Credentials

Every process has a number of associated numeric user identifiers (UIDs) and group identifiers (GIDs). Sometimes these are referred to as process credentials. These identifiers are as follows:
  • real user ID and group ID;
  • effective user ID and group ID;
  • saved set-user-ID and saved set-group-ID;
  • file system user ID and group ID (Linux-specific); and
  • supplementary group IDs.
In the following pages, we look in detail at the purpose of these process identifiers and describe the system calls and library functions that can be used to retrieve and change these identifiers. We also discuss the notion of privileged and unprivileged processes, and the use of the set-user-ID and set-group-ID mechanisms, which allow the creation of programs that run with the privileges of a specified user or group.

9 Process Credentials
9.1 Real User ID and Real Group ID
9.2 Effective User ID and Effective Group ID
9.3 Set-user-ID and Set-group-ID Programs
9.4 Saved Set-user-ID and Saved Set-group-ID
9.5 File System User ID and File System Group ID
9.6 Supplementary Group IDs
9.7 Retrieving and Modifying Process Credentials
        9.7.1 Retrieving and Modifying Real, Effective, and Saved Set IDs
        9.7.2 Retrieving and Modifying File System IDs
        9.7.3 Retrieving and Modifying Supplementary Group IDs
        9.7.4 Summary of Calls for Modifying Process Credentials
        9.7.5 Example: Displaying Process Credentials
9.8 Summary
9.9 Exercises
