9

What is the difference between setuid and seteuid function. In man page both of the function have similar description.

setuid:

DESCRIPTION

   setuid()  sets  the  effective user ID of the calling process.  If the effective UID of the caller is root, the real UID and saved
   set-user-ID are also set.

seteuid:

DESCRIPTION

   seteuid()  sets  the  effective user ID of the calling process.  Unprivileged user processes may only set the effective user ID to
   the real user ID, the effective user ID or the saved set-user-ID.

In both of the description contains sets the effective user ID of the calling process. So what is the difference between these two and how the functionality differs between these functions.

And One more doubt is, using chmod(chmod u+s ) only we can set the set user id permission to the file. Then only during runtime of the program, the process have permission who is set to set user id. Apart from these how these functions set the effective userid to the process.

mohangraj
  • 8,182
  • 15
  • 49
  • 86
  • Possible duplicate of [Difference between setuid and seteuid function](http://stackoverflow.com/questions/33077818/difference-between-setuid-and-seteuid-function) – Snorex Jan 26 '17 at 16:22
  • Looks similar to your other post from the same day. In order to tidy things up, maybe edit the later posted question to include the info above, and then delete this one? – Snorex Jan 26 '17 at 16:53

2 Answers2

6

From the man page:

   Thus, a set-user-ID-root program wishing to temporarily drop root
   privileges, assume the identity of an unprivileged user, and then
   regain root privileges afterward cannot use setuid().  You can
   accomplish this with seteuid(2).
user3159253
  • 15,770
  • 3
  • 26
  • 46
  • What is the need. why the root need unprivileged user identity. Do you have any example? – mohangraj Oct 12 '15 at 08:40
  • 1
    Well, one possible example is when a process needs some privileged resources (e.g. 80 port for an HTTP server), but after the process gathered that resource, there's absolutely no need to run as `root` anymore (so you may check, an Apache webserver runs as an unprivileged user like `_http` or `_apache`). Usualy such a measure is used as a security precaution: a possible breakup of an unpriviliged server usually gives less harmful consequences. – user3159253 Oct 12 '15 at 08:45
  • 2
    I have a doubt in the above man page reference. Using setuid we can set the effective user id of the process. For Ex: setuid(getuid()); After this statement is executed, the effective userid of the process is changed to current user. So, to regain the root permission, I am simply use, setuid(0); But why the man page reference shows `afterward cannot use setuid(). You can accomplish this with seteuid(2)`. – mohangraj Oct 12 '15 at 10:19
0

In answer to the question "why use seteuid()": some system applications use seteuid() so that they can attempt to execute instructions with the privileges of the "effective" user. This allows a programming running as root to ensure that, for example, any files it creates are created using the effective user id and not the root id.

Perhaps the most notable application is the Unix "cron" system which has to run as user "root" but has the responsibility of executing arbitrary commands as arbitrary users.

I Steele
  • 1