Introduction
Introduction
Sometimes when we run a command, our account doesn’t actually have the permission to do certain thing. This is why effective UID is invented, it allows us to borrow permissions from other account when needed in the process
Real UID
This states who you really are, this tells us which account do you use to run this command
Effective UID
This can be determined by the executable file’s metadata, we can borrow permissions from this account when we run this executable file
For example, other than superuser, no one has the right to change password. However, we can change password by the command passwd, this is because the effective UID of passwd is the superuser
How it works?
User A creates executable A1 and sets the setuid bit, making A the effective user when A1 runs. Inside A1, the code reads file A2, which has permission 0400 (only owner A can read).
When User B runs A1:
- B cannot read A2 directly (B doesn’t own it)
- But A1 succeeds in reading A2
Why? When B executes A1, the process runs with:
- Real UID = B (who launched it)
- Effective UID = A (from the setuid bit)
Since file access is checked against the Effective UID, the process has A’s permissions and can read A2. The setuid bit lets B’s process temporarily “borrow” A’s privileges for that specific program.
Extra File Permissions
Introduction
This section tells us how do we set effective UID or GID
Method
Set user-id
- octal value:
04000 - symbolic:
--s --- ---
This permission means the effective UID of this executable file is the file owner’s account
Set group-id
- octal value:
02000 - symbolic:
--- --s ---
This permission means the effective GID of this executable file is the file owner’s group