Understanding Unix UIDs

Table of contents:

  • Part 1: What are User Identifiers (UIDs)
  • Part 2: Process UIDs & Permissions
  • Part 3: File UIDs & Permissions
  • Part 4: Set owner User ID (SETUID a.k.a SUID) bit
  • Part 5: Sticky-bit
  • Part 6: Getting and Setting UIDs during run-time

Part 1: What are User Identifiers (UIDs)?

UID values

  • UIDs are stored inside uid_t which is a 32bit unsigned int
  • UID -1 (which is actually 4,294,967,294), represents an invalid UID
  • UID 0 is the superuser
  • UIDs 1–99 are statically allocated by the system
  • UIDs 100–499 are reserved for dynamically allocated users by the system and administrators. These days, most systems reserve the extended range 100–999 for this purpose.

Listing system users

<username>:<password>:<user-id>:<group-id>:<comment>:<home>:<shell>
  • Username: The textual representation of the user’s login name. It’s length is limited to 32 chars, and it should not contain capital letters.
  • Password: Today, a hint about the whereabouts of the user password. Older versions used this value differently.
  • User ID: The ID of the user
  • Group ID: The user’s primary group ID
  • Comment field (a.k.a GECOS or GCOS): Optional and used only for informational purposes.
  • Home: This is the user’s home directory: the initial directory where the user is placed after logging in.
  • Shell: This is the program to run at login (if empty, use /bin/sh). If set to a nonexistent executable, the user will be unable to login. Note: A standard trick is to put /usr/sbin/nologin for users that should never open a shell, but still allow other applications and other users re-authenticate as this user (Using methods we will discuss in the following sections)

Part 2: Process UIDs & Permissions

  • Real UID (ruid): This ID determines who owns the process.
  • Effective UID (euid): This is the actual UID that defines the process’ permissions when accessing shared resources such as message queues, shared memory, and semaphores. Note: On most UNIX systems, this UID also determines the permissions when accessing files, whereas Linux uses the filesystem UID described below for this task.
  • Saved set-UID (suid): This UID is used in set-user-ID programs to save the effective ID that was set when the program was executed. Such program can gain and drop privileges by switching its effective UID back and forth between the values in its real UID and saved set-UID.
  • File system UID (fsuid): This ID is used to determine permissions for accessing files.

Listing process’ UIDs

Name:   vim
State: S (sleeping)
Tgid: 12345
Pid: 12345
PPid: 12222
TracerPid: 0
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
FDSize: 3
Groups:

Shell UIDs

  • We can get our user name using whoami
  • We can get our real and effective UIDs using $UID and $EUID respectively
Uid:    1000    1000    1000    1000

Executed Process UIDs

> echo $EUID
1001
> vim &
> grep Uid /proc/$!/status
Uid: 1001 1001 1001 1001

Part 3: File UIDs & Permissions

Who owns this file and what are its permissions

          OWNER GROUP OTHER
|---| |---| |---|
- r w x r w x r w x
| | | | | | | | | |
| | | | | | | | | +----> Others can execute
| | | | | | | | +------> Others can write
| | | | | | | +--------> Others can read
| | | | | | |
| | | | | | +----------> Group members can execute
| | | | | +------------> Group members can write
| | | | +--------------> Group members can read
| | | |
| | | +----------------> Owner can execute
| | +------------------> Owner can write
| +--------------------> Owner can read
|
+----------------------> File type
-rwxr-xr-x 1 someuser myusers 1113504 Apr  4  2018 /bin/bash
  • File owner is someuser
  • File group is myusers
  • Owner can read, write and execute this file
  • Group members can read and execute this file, but not write to it
  • Other members can read and execute this file, but not write to it

Understanding directory permissions

  • Read permission: Permitted users can enumerate the file names inside a given directory. However, the file name is the only accessible property.
  • Execute permission: Permitted users can access files of which they know of. If there is an executable ssh in the a directory apps , they won’t be able to run ls -l apps , but could still execute apps/ssh , or ls apps/ssh (Given they have appropriate permissions on the file itself).
  • Write permissions: Permitted users can create, delete or modify any files and subdirectories. Here, in contrast to the execute permission, these actions are allowed even if the file or subdirectory is owned by another user.

Numeric representation of the permissions mask

-rwxr-xr-x 1 someuser myusers 1113504 Apr  4  2018 /bin/bash
rwx --------> 4 + 2 + 1 = 7
r-x -----> 4 + 0 + 1 = 5
r-x --> 4 + 0 + 1 = 5
==> The numerical mode is 0755

Changing file owner

# Set root user as the owner of the file
chown root:root /path/to/my/exec
# Set someuser as the owner and myusers as the group of the file
chown someuser:myusers /path/to/my/exec

Changing file permissions

# Make readable, writable and executable by anyone
chmod 0777 /bin/bash
# Make readable and executable by owner only
chmod 0600 ~/.ssh/authorized_keys
  • Which users’ access to the file will be changed: Owner a.k.a user (u), Group members(g), Others (o), or all users (a). When this bit is not specified, the default is all users (a).
  • An operator that defines the type of change, e.g. setting new permissions (+) or clearing them (-)
  • The affected permissions, e.g. read (r) or write (w)
chmod g+x /bin/bash # Add execution permissions for group members
chmod u-w /bin/bash # Remove write permissions for owner
chmod +r /bin/bash # Add read permissions for all users

Part 4: Set owner User ID (SETUID a.k.a SUID) bit

> whoami
user1
> echo $EUID
1000
> ls -l printuids
-rwxrwxrwx 1 user1 user1 8448 Dec 15 21:07 printuids
> ./printuids
ruid[1000], euid[1000], suid[1000]
> sudo chown root:root printuids
> ls -l printuids
-rwsrwxrwx 1 root root 8448 Dec 15 21:07 printuids
> sudo chmod u+s printuids
> ls -l printuids
-rwsrwxrwx 1 root root 8448 Dec 15 21:07 printuids
> ./printuids
ruid[1000], euid[0], suid[0]

sudo (superuser do)

Part 5: Sticky-bit

> touch testfile
> chmod +t testfile
> ls -l testfile
-rw-rw-r-T 1 root root 0 Dec 19 18:32 testfile
> chmod +x testfile
> ls -l testfile
-rw-rw-r-t 1 root root 0 Dec 19 18:32 testfile
> whoami
user1
> cd /tmp
> ls -l
-rwxrwxrwx 1 user2 user2 0 Dec 19 18:22 user2.txt
> rm user2.txt
rm: cannot remove 'user2.txt': Operation not permitted
> mv user2.txt user1.txt
mv: cannot move 'user2.txt' to 'user1.txt': Operation not permitted
> ls -l /
drwxrwxrwt 1 root root 4096 Dec 19 18:28 tmp

Part 6: Getting and Setting UIDs during run-time

  • An application that checks if it was executed by a specific user (e.g superuser) and exits if it wasn’t.
  • A privileged server process that creates child processes to handle incoming client connections, but doesn’t want the child handling process to be privileged as well. So it drops the child’s permissions right after creating (fork -ing) it.

Getting UIDs

uid_t getuid(void); // get the real UID
uid_t geteuid(void); // get the effective UID
#define _GNU_SOURCE
#include <unistd.h> // for getresuid & uid_t
#include <stdio.h> // for printf
#include <errno.h> // for perror
int main(int argc, char **argv) {
uid_t ruid, euid, suid;
if (getresuid(&ruid, &euid, &suid)) {
perror("getresuid");
return 1;
}

printf("ruid[%u], euid[%u], suid[%u]\n", ruid, euid, suid);
return 0;
}

Setting UIDs

  • The superuser (UID 0) can change any of its UIDs to any arbitrary UID. Yes, one can change its UID to a value not registered as a valid user.
  • An unprivileged user can change any of its UIDs to one of: the current real UID, the current effective UID or the current saved set-user-ID
int setuid(uid_t uid);
int seteuid(uid_t euid);
int setreuid(uid_t ruid, uid_t euid);
int setresuid(uid_t ruid, uid_t euid, uid_t suid);
int setfsuid(uid_t fsuid);

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Daniel Trugman

Daniel Trugman

A software specialist passionate about elegant and efficient technology. I Love learning and sharing my knowledge.