seteuid, setegid - set effective user or group ID
seteuid, setegid - 设置有效的用户和组id
所需头文件
#include <sys/types.h>
#include <unistd.h>
int seteuid(uid_t euid);
int setegid(gid_t egid);
seteuid() sets the effective user ID of the calling process. Unprivileged user processes may only set the effective user ID to the real user ID, the effective user ID or the saved set-user-ID. Precisely the same holds for setegid() with "group" instead of "user".
seteuid设置调用进程的有效的用户id,无特权的用户进程可能只能设置有效用户id到真实的用户id,有效用户id或者保存的设置用户id,setegid拥有同样的功能,不过是针对组,而不是针对用户
On success, zero is returned. On error, -1 is returned, and errno is set appropriately.
成功的时候返回,错误的时候返回-1,errno被设置成适当的值
EPERM The calling process is not privileged (Linux: does not have the CAP_SETUID capability in the case of seteuid(), or the CAP_SETGID capability in the case of setegid()) and euid (respectively, egid) is not the real user (group) ID, the effective user (group) ID, or the saved set-user-ID (saved set-group-ID).
EPERM调用的进程没有权限,或者就setegid和euid来说,真实用户id,有效用户id,保存的设置用户id没有CAP_SETGID属性
Setting the effective user (group) ID to the saved set-user-ID (saved set-group-ID) is possible since Linux 1.1.37 (1.1.38). On an arbitrary system one should check _POSIX_SAVED_IDS.
从linux1.1.37之后,设置有效用户id到保存的设置用户id就成为了可能,在一个专制的系统中需要检查_POSIX_SAVED_IDS
Under libc4, libc5 and glibc 2.0 seteuid(euid) is equivalent to setreuid(-1, euid) and hence may change the saved set-user-ID. Under glibc 2.1 and later it is equivalent to setresuid(-1, euid, -1) and hence does not change the saved set-user-ID. Analogous remarks hold for setegid(), with the difference that the change in implementation from setregid(-1, egid) to setresgid(-1, egid, -1) occurred in glibc 2.2 or 2.3 (dependeing on the hardware architecture).
在libc4,libc5和glibc2.0之前,seteuid和setreuid是等价的,因此可能改变保存的设置用户id。glibc2.1之后,等价与setresuid,因此不会改变保存的设置用户id,setegid拥有类似的标记,不同的是setregid和setresgid是在glibc2.2和2.3中实现的
According to POSIX.1, seteuid() (setegid()) need not permit euid (egid) to be the same value as the current effective user (group) ID, and some impleentations do not permit this.
运行结果如下:
seteuid, setegid - 设置有效的用户和组id
所需头文件
#include <sys/types.h>
#include <unistd.h>
int seteuid(uid_t euid);
int setegid(gid_t egid);
seteuid() sets the effective user ID of the calling process. Unprivileged user processes may only set the effective user ID to the real user ID, the effective user ID or the saved set-user-ID. Precisely the same holds for setegid() with "group" instead of "user".
seteuid设置调用进程的有效的用户id,无特权的用户进程可能只能设置有效用户id到真实的用户id,有效用户id或者保存的设置用户id,setegid拥有同样的功能,不过是针对组,而不是针对用户
On success, zero is returned. On error, -1 is returned, and errno is set appropriately.
成功的时候返回,错误的时候返回-1,errno被设置成适当的值
EPERM The calling process is not privileged (Linux: does not have the CAP_SETUID capability in the case of seteuid(), or the CAP_SETGID capability in the case of setegid()) and euid (respectively, egid) is not the real user (group) ID, the effective user (group) ID, or the saved set-user-ID (saved set-group-ID).
EPERM调用的进程没有权限,或者就setegid和euid来说,真实用户id,有效用户id,保存的设置用户id没有CAP_SETGID属性
Setting the effective user (group) ID to the saved set-user-ID (saved set-group-ID) is possible since Linux 1.1.37 (1.1.38). On an arbitrary system one should check _POSIX_SAVED_IDS.
从linux1.1.37之后,设置有效用户id到保存的设置用户id就成为了可能,在一个专制的系统中需要检查_POSIX_SAVED_IDS
Under libc4, libc5 and glibc 2.0 seteuid(euid) is equivalent to setreuid(-1, euid) and hence may change the saved set-user-ID. Under glibc 2.1 and later it is equivalent to setresuid(-1, euid, -1) and hence does not change the saved set-user-ID. Analogous remarks hold for setegid(), with the difference that the change in implementation from setregid(-1, egid) to setresgid(-1, egid, -1) occurred in glibc 2.2 or 2.3 (dependeing on the hardware architecture).
在libc4,libc5和glibc2.0之前,seteuid和setreuid是等价的,因此可能改变保存的设置用户id。glibc2.1之后,等价与setresuid,因此不会改变保存的设置用户id,setegid拥有类似的标记,不同的是setregid和setresgid是在glibc2.2和2.3中实现的
According to POSIX.1, seteuid() (setegid()) need not permit euid (egid) to be the same value as the current effective user (group) ID, and some impleentations do not permit this.
给予POSIX.1,seeuid不需要euid与当前有效用户id相同,一些实现不需要这个。
testcase如下:
#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
int main(void)
{
uid_t euid;
gid_t egid;
euid = geteuid();
egid = getegid();
printf("euid = %d\negid = %d\n", euid, egid);
euid = 1001;
if (seteuid(euid) == -1) {
printf("seteuid error: %s\n", strerror(errno));
return -1;
}
euid = geteuid();
printf("euid = %d\n", euid);
egid = 1001;
if (setegid(egid) == -1) {
printf("setegid error: %s\n", strerror(errno));
return -1;
}
egid = getegid();
printf("egid = %d\n", egid);
return 0;
}
运行结果如下:
cheny.le@cheny-ThinkPad-T420:~/cheny/testCode$ sudo ./a.out
euid = 0
egid = 0
euid = 1001
setegid error: Operation not permitted
比较奇怪的是egid一直是无法改变,我用的是sudo权限都不行,希望大神能指点迷津
1024
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
