Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.
- Create BookmarkCreate Bookmark
- Create Note or TagCreate Note or Tag
- DownloadDownload
- PrintPrint
Chapter 4. Handling Multiple Processes > HOW TO USE SETUID AND SETGID
4.4. HOW TO USE SETUID AND SETGID
You have already come across the concept of a process running under a different user or group ID from that of the user who invoked the process, when we examined the setuid and setgid bits of the UNIX access mode. Those bits made a process launch with the user or group ID specified in the executable file's ownership, although the process can still find out which user launched it. This is because there are actually multiple user and group IDs associated with any process, but usually they all happen to be the same. The real UID and GID represent the user and group accounts that launched the process, and so are suitable for accounting purposes. The permissions accorded to the process are determined by its effective UID and GID. Consider a tool that reports on the tool's real and effective UID and GID, like this:
#include <stdio.h>
#include <unistd.h>
int main(int argc, const char *argv[]) {
uid_t realUid, effectiveUid;
gid_t realGid, effectiveGid;
