Identity

Every process on a Unix-like operating system is associated with a user ID (UID) and a group ID (GID). These IDs determine the permissions that the process has when accessing system resources, or requesting changes to its process state such as its own UID or GID.

A process can also acquire effective IDs (EUID and EGID) that are different from its UID and GID. These effective IDs are set when the process executes a program whose file has the special Set-User ID (SUID) or Set-Group ID (SGID) flag set. The effective IDs then match the user or group that owns the file, rather than the IDs of the parent process. Many special system utilities have the SUID or SGID flags set so that they can perform privileged operations on behalf of otherwise unprivileged users, for example starting or stopping system services.

The init process always has a UID and GID of 0, which is associated with a special user called “root”. The root user has full administrative privileges in the system, and bypasses all permission checks when accessing system resources or performing other privileged operations. A process with UID 0 has the ability to change any of its own properties, including its UID and GID, which allows a privileged process to “drop” privileges before executing an unprivileged one. This is how users log in: a login process running as the root user verifies the user’s login credentials, spawns a new child process, sets the child’s UID and GID to those of the user’s account, and then executes the user’s login shell.
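The child-side privilege drop described above, as an added C example that is not part of the original page. The function names and the target ID 65534 (commonly "nobody") are assumptions made for illustration; when run unprivileged it targets the caller's own IDs so the checks still execute.

```c
#define _DEFAULT_SOURCE          /* for setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently switch the calling process to uid/gid. Returns 0 on success. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0)
        return -1;                   /* switching to root is not a drop */
    /* Order matters: groups first, then GID, then UID. Once the UID is
       non-zero the process may no longer change its groups or GID. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;                   /* replace root's supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the result instead of trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    if (setuid(0) == 0)
        return -1;                   /* root was regained: drop did not hold */
    return 0;
}

/* Fork a child, drop privileges in it, and report whether the drop held.
   A real login process would exec the user's shell where the child exits. */
int run_dropped_child(uid_t uid, gid_t gid)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(drop_privileges(uid, gid) == 0 ? 0 : 1);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed target: 65534 as root (assumed "nobody"), else own IDs. */
    uid_t uid = geteuid() == 0 ? 65534 : getuid();
    gid_t gid = geteuid() == 0 ? 65534 : getgid();
    printf("drop to %d:%d -> %d\n", (int)uid, (int)gid, run_dropped_child(uid, gid));
    return 0;
}
```

An exit status of 0 from the child means the IDs were switched and the follow-up attempt to return to UID 0 was refused.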

An interesting result of this is that it is impossible for any descendant of the user’s shell to regain these root credentials, except by executing one of the special SUID/SGID system utilities. Most of these utilities perform a very limited and controlled set of operations on behalf of users; however, one common general-purpose SUID utility is the sudo (“Super-User Do”) utility. The sudo utility allows users to run arbitrary commands as other users, including the root user, based on a fine-tunable set of permissions and additional credential requirements that are registered in a special configuration file called the sudoers file. The sudo utility is commonly used for things like updating system software, changing the system’s time, and so on. By explicitly running only individual commands as the super-user using sudo, system administrators can avoid logging in directly as the root user, which reduces the risk of accidentally damaging the entire system due to a mistyped command.