Linux — Advanced Permissions Management

Tony
5 min read · Feb 28, 2024

Process Permissions

Previously, I introduced how human users interact with files and the associated permissions. Now, let’s shift our focus to processes and the various user IDs that are relevant in the context of runtime permissions:

Real UID (User ID)

  • The Real UID is the identifier of the user who initiated the process. It signifies the process’s ownership from the perspective of the human user.
  • A process can ascertain its Real UID using the getuid system call. You can also find it via the shell using stat -c "%u %g" /proc/$pid/.

Effective UID

  • The Linux kernel utilizes the Effective UID to determine a process’s permissions for accessing shared resources like message queues. While traditional UNIX systems use this for file access, Linux historically employed a separate filesystem UID for this purpose (as discussed next), though it still supports the traditional method for compatibility.
  • A process can retrieve its Effective UID through the geteuid system call.

Saved set-user-ID

  • Used particularly in setuid scenarios, Saved set-user-IDs allow a process to adopt privileges by toggling its Effective UID between the Real UID and the…
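
To see all of these IDs for one process at once, the Uid: line of /proc/<pid>/status lists the real, effective, saved and filesystem UIDs in that order. The following is an added example, not code from the original article: the function names are hypothetical and SAMPLE_STATUS is a constructed excerpt for a set-user-ID-root program started by UID 1000.

```python
import os

# Constructed excerpt of /proc/<pid>/status (illustrative values only).
SAMPLE_STATUS = """Name:\tpasswd
Pid:\t4242
Uid:\t1000\t0\t0\t0
Gid:\t1000\t1000\t1000\t1000
"""

# Column order of the Uid:/Gid: lines as documented in proc(5).
FIELDS = ("real", "effective", "saved", "filesystem")

def parse_ids(status_text, key="Uid"):
    """Return the four IDs from the Uid: or Gid: line of a status file."""
    for line in status_text.splitlines():
        name, _, rest = line.partition(":")
        if name == key:
            values = [int(v) for v in rest.split()]
            if len(values) != len(FIELDS):
                raise ValueError(f"unexpected {key} line: {line!r}")
            return dict(zip(FIELDS, values))
    raise ValueError(f"no {key} line found")

def privilege_notes(uids):
    """List ID mismatches worth a second look in a permissions review."""
    notes = []
    if uids["effective"] != uids["real"]:
        notes.append("effective UID differs from real UID")
    if uids["saved"] != uids["effective"]:
        notes.append("saved set-user-ID differs: effective UID can be switched to it")
    if uids["filesystem"] != uids["effective"]:
        notes.append("filesystem UID differs from effective UID")
    return notes

def read_status(pid="self"):
    """Read the status file of a live process (Linux only)."""
    with open(f"/proc/{pid}/status") as fh:
        return fh.read()

if __name__ == "__main__":
    sample = parse_ids(SAMPLE_STATUS)
    print(sample, privilege_notes(sample))
    if os.path.exists("/proc/self/status"):
        live = parse_ids(read_status())
        # The kernel's record must agree with getuid() and geteuid().
        assert (live["real"], live["effective"]) == (os.getuid(), os.geteuid())
        print(live, privilege_notes(live))
```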
