IDs associated with each process and file’s mode word
IDs associated with each process
Every process has seven or more IDs associated with it. The basic seven are: the process ID, the real IDs (real user ID, real group ID), the effective IDs (effective user ID, effective group ID), and the saved IDs (saved set-user-ID, saved set-group-ID). The most important is the process ID (read Process ID and special processes.doc).
These IDs are used for:
Process ID: distinguish one process from another
Real IDs: identify who we really are
Effective IDs: used for file access permission checks
Saved IDs:
There are corresponding get functions for these IDs, except for the saved IDs.
Process ID: getpid, getppid
Real IDs: getuid, getgid
Effective IDs: geteuid, getegid
"Note that none of these functions has an error return."
The other six IDs are initialized as follows:
Real IDs: "taken from our entry in the password file when we log in."
Effective IDs: "Normally, the effective user ID equals the real user ID, and the effective group ID equals the real group ID."
Saved IDs: "contain copies of the effective user ID and the effective group ID when a program is executed."
File's mode word
Position:
The file's mode word is the i_mode member of the ext3_inode structure; any of the stat functions copies it to the st_mode member of the stat structure. It is called a word because the i_mode member is 16 bits wide.
Bits:
15-12: file type bits
11: set-user-ID bit
10: set-group-ID bit
9: sticky bit
8-0: access permission bits
8 7 6: owner access permission
5 4 3: group access permission
2 1 0: other access permission
Associated command(s) & function(s)
chmod(1), chmod(2), fchmod(2)
NOTE: These can only change the low 12 bits of the file's mode word.
[important] Relationship between the set-user-ID and set-group-ID bits in a file's mode word and the effective IDs of the process executing that file.
If the set-user-ID bit in a file's mode word is set to 1, the effective user ID of the process executing this file changes to the user ID of the file's owner. The same holds for the set-group-ID bit and the effective group ID.
Example
Below is the i_mode member of the struct ext3_inode for file A, that is, file A's mode word:
1000110110110100
Split into "4-3-9" segments:
1000 100 110110100
a) regular file
b) The effective user ID of the process executing this file will change, but the effective group ID will not.
c) rw-rw-r--
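The decoding walked through above, as an added C example that is not part of the original notes: it splits the segmented mode word 1000 100 110110100 using the bit positions listed under "Bits". The function and macro names are this example's own, and the octal file-type values are those of Linux's S_IF* constants.

```c
#include <stdio.h>

/* Bit layout as listed on the page; macro names are this example's own. */
#define TYPE_MASK 0170000L /* bits 15-12: file type */
#define SUID_BIT  0004000L /* bit 11: set-user-ID */
#define SGID_BIT  0002000L /* bit 10: set-group-ID */
#define STICKY    0001000L /* bit 9: sticky */

/* Parse '0'/'1' characters (spaces ignored); -1 unless exactly 16 bits. */
long parse_mode_bits(const char *s) {
    long word = 0;
    int n = 0;
    for (; *s; s++) {
        if (*s == ' ') continue;
        if ((*s != '0' && *s != '1') || ++n > 16) return -1;
        word = (word << 1) | (*s - '0');
    }
    return n == 16 ? word : -1;
}

/* File type from bits 15-12; values match Linux's S_IF* constants. */
const char *file_type(long w) {
    switch (w & TYPE_MASK) {
    case 0100000L: return "regular file";
    case 0040000L: return "directory";
    case 0120000L: return "symbolic link";
    case 0020000L: return "character device";
    case 0060000L: return "block device";
    case 0010000L: return "FIFO";
    case 0140000L: return "socket";
    default:       return "unknown";
    }
}

/* Bits 8-0 as "rwxrwxrwx"; returns a static, zero-terminated buffer (not reentrant). */
const char *perm_string(long w) {
    static char out[10]; /* out[9] stays '\0' from static initialization */
    for (int i = 0; i < 9; i++)
        out[i] = ((w >> (8 - i)) & 1) ? "rwx"[i % 3] : '-';
    return out;
}

int main(void) {
    long w = parse_mode_bits("1000 100 110110100"); /* segmented value from the page */
    printf("%s suid=%d sgid=%d sticky=%d %s\n", file_type(w),
           !!(w & SUID_BIT), !!(w & SGID_BIT), !!(w & STICKY), perm_string(w));
    return 0;
}
```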