#include<stdio.h>
#include<sys/types.h>
#include<unistd.h>
void main()
{
printf("Real user id = %d, Effective User id = %d\n",getuid(),geteuid());
setuid(1000);
printf("Real user id = %d, Effective User id = %d\n",getuid(),geteuid());
setuid(1014);
printf("Real user id = %d, Effective User id = %d\n",getuid(),geteuid());
}
输出:
guest $ ./a.out
Real user id = 1000, Effective User id = 1014
Real user id = 1000, Effective User id = 1000
Real user id = 1000, Effective User id = 1014
guest $
#include<stdio.h>
#include<sys/types.h>
#include<unistd.h>
void main()
{
printf("Real user id = %d, Effective User id = %d\n",getuid(),geteuid());
seteuid(1000);
printf("Real user id = %d, Effective User id = %d\n",getuid(),geteuid());
seteuid(1014);
printf("Real user id = %d, Effective User id = %d\n",getuid(),geteuid());
}
输出:
guest $ ./a.out
Real user id = 1000, Effective User id = 1014
Real user id = 1000, Effective User id = 1000
Real user id = 1000, Effective User id = 1014
guest $
两个程序都提供相同的输出。那么,这两个功能有什么区别?根据参考(手册页),这两个函数用于设置进程的有效用户ID。这两个程序的功能在哪里不同?
答案 0 :(得分:9)
The documentation非常清楚差异:
如果用户是root用户或程序是set-user-ID-root,则必须特别小心。 setuid()函数检查调用者的有效用户ID,如果是超级用户,则所有与进程相关的用户ID都设置为uid。发生这种情况后,程序无法重新获得root权限。
因此,一个set-user-ID-root程序希望暂时删除root权限,假定一个非特权用户的身份,然后重新获得root权限,不能使用 setuid()。您可以使用 seteuid 完成此操作。