Open In App

Real, Effective and Saved UserID in Linux

Improve
Improve
Like Article
Like
Save
Share
Report

Every user in Unix like operating system is identified by a different integer number, this unique number is called as UserID. 

There are three types of UID defined for a process, which can be dynamically changed as per the privilege of task. 

The three different types of UIDs defined are : 
1. Real UserID 
2. Effective UserID 
3. Saved UserID 

1. Real UserID : For a process, Real UserId is simply the UserID of the user that has started it. It defines which files that this process has access to. 

2. Effective UserID : It is normally the same as Real UserID, but sometimes it is changed to enable a non-privileged user to access files that can only be accessed by a privileged user like root.

If you see the permission of /usr/bin/passwd file:

-rwsr-xr-x 1 root root 59640 Mar 23  2019 /usr/bin/passwd 

So if a non-root user runs this file, the EUID of the process will be “0” i.e. root and UID remains the same as of original user.

3. Saved UserID : It is used when a process is running with elevated privileges (generally root) needs to do some under-privileged work, this can be achieved by temporarily switching to a non-privileged account. 

While performing under-privileged work, the effective UID is changed to some lower privilege value, and the euid is saved to saved userID(suid), so that it can be used for switching back to a privileged account when the task is completed. 

You can print UID by simply typing id on terminal : 

# id

Output:

uid=1000(mandeep) gid=1000(mandeep) 
groups=1000(mandeep), 4(adm), 24(cdrom), 
27(sudo), 30(dip), 46(plugdev), 113(lpadmin), 
128(sambashare)

id command can be used to print real and effective user and group IDs 

Different options of id:

-g, --group : print only effective group id
-G, --groups : print all group IDs
-r, --real : print only real user id
-u, --user : print only effective user id

For example :  

id -g

Output :  

1000

Note: While you use id command with -r option, you will get error like 

id: cannot print only names or real IDs in default format

To deal with this, use -r option in conjunction with other option, for example, id -rg 
Now, for setting up real user ID, the effective user ID, and the saved set-user-ID of the calling process, we use setresuid() and setresgid() 
Syntax :  

int setresuid(uid_t ruid, uid_t euid, uid_t suid); # for specific user
int setresgid(gid_t rgid, gid_t egid, gid_t sgid); # for specific group

Return Value : 
On success, 0 is returned. 
On error, -1 is returned. 

For more details : Use Linux manual page (man user id).


Last Updated : 18 Mar, 2021
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads