Hacking - The Art of Exploitation, 2nd Edition

Programming 89

reader@hacking:~/booksrc $ sudo su jose
jose@hacking:/home/reader/booksrc $ id
uid=501(jose) gid=501(jose) groups=501(jose)
jose@hacking:/home/reader/booksrc $


As the user jose, the simplenote program will run as jose if it is executed, but it won't have access to the /tmp/notes file. This file is owned by the user reader, and it only allows read and write permission to its owner.


jose@hacking:/home/reader/booksrc $ ls -l /tmp/notes
-rw------- 1 reader reader 36 2007-09-07 05:20 /tmp/notes
jose@hacking:/home/reader/booksrc $ ./simplenote "a note for jose"
[DEBUG] buffer @ 0x804a008: 'a note for jose'
[DEBUG] datafile @ 0x804a070: '/tmp/notes'
[!!] Fatal Error in main() while opening file: Permission denied
jose@hacking:/home/reader/booksrc $ cat /tmp/notes
cat: /tmp/notes: Permission denied
jose@hacking:/home/reader/booksrc $ exit
exit
reader@hacking:~/booksrc $


This is fine if reader is the only user of the simplenote program; however, there are many times when multiple users need to be able to access certain portions of the same file. For example, the /etc/passwd file contains account information for every user on the system, including each user's default login shell. The command chsh allows any user to change his or her own login shell. This program needs to be able to make changes to the /etc/passwd file, but only on the line that pertains to the current user's account. The solution to this problem in Unix is the set user ID (setuid) permission. This is an additional file permission bit that can be set using chmod. When a program with this flag is executed, it runs as the user ID of the file's owner.


reader@hacking:~/booksrc $ which chsh
/usr/bin/chsh
reader@hacking:~/booksrc $ ls -l /usr/bin/chsh /etc/passwd
-rw-r--r-- 1 root root 1424 2007-09-06 21:05 /etc/passwd
-rwsr-xr-x 1 root root 23920 2006-12-19 20:35 /usr/bin/chsh
reader@hacking:~/booksrc $


The chsh program has the setuid flag set, which is indicated by an s in the ls output above. Since this file is owned by root and has the setuid permission set, the program will run as the root user when any user runs this program. The /etc/passwd file that chsh writes to is also owned by root and only allows the owner to write to it. The program logic in chsh is designed to only allow writing to the line in /etc/passwd that corresponds to the user running the program, even though the program is effectively running as root. This means that a running program has both a real user ID and an effective user ID. These IDs can be retrieved using the functions getuid() and geteuid(), respectively, as shown in uid_demo.c.
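The following is an added example, not the book's uid_demo.c, showing the two ideas the text combines: reading the real and effective user IDs with getuid() and geteuid(), and the "only touch your own line" logic a setuid program such as chsh must enforce, since the effective UID (root) would otherwise let it rewrite any line. The passwd-style sample data is constructed inline (the uids for root and reader are made up); update_shell() replaces only the seventh field of the line whose name field matches the real user, and drop_privileges() gives up the setuid privilege and then verifies that it really is gone. When run as an ordinary, non-setuid binary both IDs are equal and the drop is a no-op.

```c
/* Added example: real vs. effective UID and per-user edits of a passwd file. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <pwd.h>
#include <sys/types.h>

/* Constructed /etc/passwd-style sample; jose's uid 501 matches the page,
 * the other uids are invented for the example. */
static const char SAMPLE_PASSWD[] =
    "root:x:0:0:root:/root:/bin/bash\n"
    "reader:x:999:999:Hacking Reader:/home/reader:/bin/bash\n"
    "jose:x:501:501::/home/jose:/bin/bash\n";

/* Copy `passwd` into `out`, rewriting only the shell field (the 7th,
 * colon-separated) of the line whose name field equals `user`.
 * Returns the number of lines changed (0 or 1), -1 if `out` is too small,
 * -2 if the matching line has fewer than seven fields. */
int update_shell(const char *passwd, const char *user, const char *new_shell,
                 char *out, size_t outlen)
{
    size_t used = 0, ulen = strlen(user);
    int changed = 0;
    const char *line = passwd;

    while (*line) {
        const char *nl = strchr(line, '\n');
        size_t llen = nl ? (size_t)(nl - line) : strlen(line);
        const char *colon = memchr(line, ':', llen);
        /* A line is "mine" only if the whole name field matches exactly. */
        int mine = colon && (size_t)(colon - line) == ulen &&
                   memcmp(line, user, ulen) == 0;
        int n;

        if (mine) {
            const char *p = line, *end = line + llen;
            int colons = 0;
            while (p < end && colons < 6) {      /* skip to the 7th field */
                if (*p == ':') colons++;
                p++;
            }
            if (colons < 6) return -2;           /* malformed entry */
            n = snprintf(out + used, outlen - used, "%.*s%s\n",
                         (int)(p - line), line, new_shell);
            changed++;
        } else {
            /* Every other user's line is copied through untouched. */
            n = snprintf(out + used, outlen - used, "%.*s\n", (int)llen, line);
        }
        if (n < 0 || (size_t)n >= outlen - used) return -1;
        used += (size_t)n;
        line = nl ? nl + 1 : line + llen;
    }
    return changed;
}

/* 1 when the process runs with a different (usually higher) privilege than
 * the user who invoked it, i.e. the setuid case described in the text. */
int is_elevated(void) { return getuid() != geteuid(); }

/* Give up the setuid privilege. When the effective UID is root, setuid()
 * resets real, effective and saved UIDs; when it is not root, only the
 * effective UID changes and the saved UID could still restore it, so the
 * result is checked rather than assumed. Returns 0 on success. */
int drop_privileges(void)
{
    uid_t real = getuid();
    if (setuid(real) != 0) return -1;
    return (getuid() == real && geteuid() == real) ? 0 : -1;
}

int main(void)
{
    char buf[512];
    struct passwd *pw = getpwuid(getuid());   /* name of the REAL user */
    const char *me = pw ? pw->pw_name : "jose"; /* fallback: constructed user */
    int rc;

    printf("real uid=%u  effective uid=%u  elevated=%d\n",
           (unsigned)getuid(), (unsigned)geteuid(), is_elevated());

    /* Edit only the invoking user's line, never the one chosen by euid. */
    rc = update_shell(SAMPLE_PASSWD, me, "/bin/sh", buf, sizeof buf);
    printf("lines changed for %s: %d\n%s", me, rc, buf);

    if (drop_privileges() != 0) {
        fputs("privilege drop failed\n", stderr);
        return 1;
    }
    printf("after drop: real=%u effective=%u\n",
           (unsigned)getuid(), (unsigned)geteuid());
    return 0;
}
```

The design point is that the real UID, not the effective one, identifies the person who ran the program: a setuid helper looks up getpwuid(getuid()) to decide which line it may change, and it drops the elevated effective UID as soon as the privileged operation is done, checking afterwards that the drop actually took effect.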
